Guest Gunnertac Posted July 18, 2007 Posted July 18, 2007 My file server is setup reasonably simple like this. \\server\root directory is where all permissions start. Employees are granted only Traverse Folder\Execute File and Liste Folder\Read Data permissions. This lets them get through to lower folders without being able to add/modify root level folders. At the next level folder employees have custom permissions which is Full Access checked and then edited in Advanced Security to remove Full Control, Change Permissions and Take Ownership. All other permissions are granted and nothing is denied. This gives the employees pretty much full access to that lower level folder and they can add, remove, modify...everything. I then turn on Access Based Enumeration and it appears to work perfectly. Employees cannot even see some of the lower level folders where they have no permissions. They have all the rights they used to have and now can't see those folders they have no rights to. However, once ABE is enabled, links to files in email don't work anymore. They get a "file not found" error as soon as they click on the embedded link in email, whether in Outlook client or OWA. The employees can go into the folder manually and can open the file with no problem but they cannot open it from within an email. The instant I switch off ABE they are able to open the file with no problem...they don't even have to log out or anything. If I add the employee to the domain Administrators group (and log out and then back in to get that access) those same links will work from within email for those employees with ABE enabled. I remove them from the Administrators group and they lose the functionality. Bottom line is that with ABE enabled links to files in email don't work for standard employees. That same email sent to an administrator works fine. Administrators have full access to all folders from the root on down. Is this a known issue? Is it fixable? Any help is appreciated. TIA. -- Tim Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.