I have a Windows server and so far shared a folder D:\AAA
as "ShareRW" with full share permissions ("Everyone - Full") and some stricter NTFS permissions as required on and below that folder; for example, UserX has full access to D:\AAA\BBB
, read access to D:\AAA\CCC
and cannot even see D:\AAA\DDD
(because it has inheritance disabled and explicit rights only to other users). I checked on the server that the effective rights of UserX are indeed as desired.
Now I wanted to add the option to "mount -r" the same content and therefore created a second share with a different name "ShareRO" on the same folder and with only "Everyone - Read" permissions (and of course with the same old NTFS permisssions).
Now my UserX does both NET USE W: \\server\ShareRW
and NET USE R: \\server\ShareRO
. I expected R: to look the same as W:, except that writing/changing is not allowed. But reality begged to differ:
- The user can change stuff in
W:\BBB
, they can read stuff in W:\CCC
, and they do not even see that W:\DDD
exists
- The user can read stuff in
R:\BBB
, they can read stuff in R:\CCC
, but they see that R:\DDD
exists and some metadata (size, creation date) though they cannot open it.
What am I doing wrong here?