«

Hey,

Assuming I have the following directorty structure:

X:\sub1\sub2

I share X:\ and use NTFS permission to allow access to
sub1 across my network.

However, I wish to share sub2 and not grant access to all
who have acces to sub1 (inheritance) BUT also give access
to some users who do not have access to sub1.

I can think of two ways to do this:

1) Grant 'List and Traverse' NTFS permissions to those
users who need access to sub2 so allow them to get through
sub1. Grant these users appropratie permissions (RWXD) to
sub2.

Block inheritance on sub2 (maybe deny permissions to users
of sub1?).

OR

2) Remove all permissions on sub2.

Create a separate network share on the sub2 folder (DFS??).

Grant permissions to users to access the sub2 share.

My question is about the security implications of the
network for each of these solutions ie is the the second
solution secure (I'm under the impression nesting shares
is not a good idea from a network security standpoint) or
does it create a possible security hole?

Solution one will however allow users to look at the
contents of sub1 (though not do anything to them) - though
may be more time consuming to set up and manage due to the
complexity of permissions....

Or is there another solution that I haven't thought of?

Thanks in advance,

Scott.