Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

File/Folder Access(Server 2008) with terminal services

  • Filter
  • Time
  • Show
Clear All
new posts

  • File/Folder Access(Server 2008) with terminal services

    Hi there guys and gals,

    I am looking for help regarding folder/file access for a Share that sits on a Sever 2008 box.
    So I have 10 dummy terminals on a floor that people access for verification when manufacturing. The terminals (nComputing software) run off a 2003 box. All the workers have a generic domain login.

    My issue is that they need to access a single file(read only) off the 2008 box but deny them access to everything else. At the moment they can access the file fine but they can also access other files and folders within that share. I have set the permissions in the advanced tab on the share to deny Create/write data, Delete. If I Deny "List/Read" to the folder they cant open up the file.

    I created a shortcut to the file in question and put it on the desktop. When I open the file it creates a network place/ mapped drive that the workers can then open up to view other files and folders. Is there any way to turn this off?

    On the 2003 box in Group Policy I have disabled -
    "No computers near me"
    "No entire Network"
    "Remove Map network drive "...disabling these helped in a way - it stopped users mapping to the share...but as soon as they click on the shortcut to the file a mapped connection appears!

    The ideal solution would be to have a shortcut to the file on the desktop of the dummy terminals. When they click on it opens up but does not create a mapped drive that they can access...can this be done?

    Thanks in advance!

  • #2
    Re: File/Folder Access(Server 200 with terminal services

    If you grant them permission to access the folder with read only rights, then create a shortcut to the file using a UNC path, that should work.

    The shortcut path will take the form \\servername\sharename\...\filename.ext

    You can use a GPO to prevent staff from manually mapping the share to a drive letter.

    However, they will still be able to access the share by manually typing the address (or copying the address from the shortcut's properties) in Explorer.

    The only way to truly prevent them from accessing other files is to either create a new share that only contains the file(s) they need


    Drop the file(s) into a dedicated sub-folder within the share then use DFS and set up a namespace and create a folder beneath the namespace that connects to the dedicated folder on the server containing the data.

    They can map the DFS share but they will only be able to access the dedicated folder.
    A recent poll suggests that 6 out of 7 dwarfs are not happy