I have a Windows server and so far shared a folder D:\AAA as "ShareRW" with full share permissions ("Everyone - Full") and some stricter NTFS permissions as required on and below that folder; for example, UserX has full access to D:\AAA\BBB, read access to D:\AAA\CCC and cannot even see D:\AAA\DDD (because it has inheritance disabled and explicit rights only to other users). I checked on the server that the effective rights of UserX are indeed as desired.
Now I wanted to add the option to "mount -r" the same content and therefore created a second share with a different name "ShareRO" on the same folder and with only "Everyone - Read" permissions (and of course with the same old NTFS permisssions).
Now my UserX does both NET USE W: \\server\ShareRW and NET USE R: \\server\ShareRO. I expected R: to look the same as W:, except that writing/changing is not allowed. But reality begged to differ:
- The user can change stuff in
W:\BBB, they can read stuff in W:\CCC, and they do not even see that W:\DDD exists
- The user can read stuff in
R:\BBB, they can read stuff in R:\CCC, but they see that R:\DDD exists and some metadata (size, creation date) though they cannot open it.
What am I doing wrong here?
