G
Gunnertac
My file server is setup reasonably simple like this.
\\server\root directory is where all permissions start. Employees are
granted only Traverse Folder\Execute File and Liste Folder\Read Data
permissions. This lets them get through to lower folders without being able
to add/modify root level folders. At the next level folder employees have
custom permissions which is Full Access checked and then edited in Advanced
Security to remove Full Control, Change Permissions and Take Ownership. All
other permissions are granted and nothing is denied.
This gives the employees pretty much full access to that lower level folder
and they can add, remove, modify...everything. I then turn on Access Based
Enumeration and it appears to work perfectly. Employees cannot even see some
of the lower level folders where they have no permissions. They have all the
rights they used to have and now can't see those folders they have no rights
to. However, once ABE is enabled, links to files in email don't work anymore.
They get a "file not found" error as soon as they click on the embedded link
in email, whether in Outlook client or OWA. The employees can go into the
folder manually and can open the file with no problem but they cannot open it
from within an email. The instant I switch off ABE they are able to open the
file with no problem...they don't even have to log out or anything.
If I add the employee to the domain Administrators group (and log out and
then back in to get that access) those same links will work from within email
for those employees with ABE enabled. I remove them from the Administrators
group and they lose the functionality. Bottom line is that with ABE enabled
links to files in email don't work for standard employees. That same email
sent to an administrator works fine. Administrators have full access to all
folders from the root on down.
Is this a known issue? Is it fixable? Any help is appreciated. TIA.
--
Tim
\\server\root directory is where all permissions start. Employees are
granted only Traverse Folder\Execute File and Liste Folder\Read Data
permissions. This lets them get through to lower folders without being able
to add/modify root level folders. At the next level folder employees have
custom permissions which is Full Access checked and then edited in Advanced
Security to remove Full Control, Change Permissions and Take Ownership. All
other permissions are granted and nothing is denied.
This gives the employees pretty much full access to that lower level folder
and they can add, remove, modify...everything. I then turn on Access Based
Enumeration and it appears to work perfectly. Employees cannot even see some
of the lower level folders where they have no permissions. They have all the
rights they used to have and now can't see those folders they have no rights
to. However, once ABE is enabled, links to files in email don't work anymore.
They get a "file not found" error as soon as they click on the embedded link
in email, whether in Outlook client or OWA. The employees can go into the
folder manually and can open the file with no problem but they cannot open it
from within an email. The instant I switch off ABE they are able to open the
file with no problem...they don't even have to log out or anything.
If I add the employee to the domain Administrators group (and log out and
then back in to get that access) those same links will work from within email
for those employees with ABE enabled. I remove them from the Administrators
group and they lose the functionality. Bottom line is that with ABE enabled
links to files in email don't work for standard employees. That same email
sent to an administrator works fine. Administrators have full access to all
folders from the root on down.
Is this a known issue? Is it fixable? Any help is appreciated. TIA.
--
Tim