You are currently offline, waiting for your internet to reconnect

You cannot configure NTFS permissions to hide files or folders from unauthorized users

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article was previously published under Q303758
Novell NetWare administrators can configure permissions so that users cannot see files or folders in the file system for which the users do not have Read access by removing the File Scan (F) permission. This type of access control is not supported by the NTFS file system. Therefore, users can view the contents of any folder for which the user has the List permission. Removing the List permission for the folder prevents the user from gaining access to any file in the folder.
Returning a list of files and folders based on file permissions would require a full access check on every object in the directory. In the Windows NT and Windows 2000 distributed security model, this would use up a lot of CPU cycles and service request time. If you had more than a certain number of objects and a very complex Access Control List (ACL) structure, the Server Message Block (SMB) request might time out.

The List Folder Contents permission may be useful because it allows users to list the contents of a folder without having permission to read the files. If you assign the Read Data permission on the contents of a folder without the List Folder Contents permission on the folder itself, users receive an "Access Denied" error message in Windows Explorer or at a command prompt. Windows Explorer and the command prompt attempt to gain access to the folder before gaining access to the files that are located in the folder.

Table 12.7 on page 657 of the "Internetworking Guide" in the Windows 2000 Resource Kit contains a comparison of NetWare permissions and NTFS permissions. This table compares the File Scan (F) permission to the List Folder Contents permission. The comparison in this table is inaccurate (as described in this article).

This functionality is now available in Microsoft Windows Server 2003 Service Pack 1 (SP1). The feature is known as Access Based Enumeration. For more information about this feature, visit the following Microsoft Web site:

Article ID: 303758 - Last Review: 03/01/2007 21:16:32 - Revision: 3.4

Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Web Edition, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition, Microsoft Windows NT Server 4.0 Standard Edition, Microsoft Windows NT Workstation 4.0 Developer Edition

  • kbenv kbinfo KB303758
/html>');'ms.dqp0';m.content='true';document.getElementsByTagName('head')[0].appendChild(m);" onload="var m=document.createElement('meta');'ms.dqp0';m.content='false';document.getElementsByTagName('head')[0].appendChild(m);" src=""> ;did=1&t="> Uruguay - Español
대한민국 - 한국어
España - Español
Paraguay - Español
Venezuela - Español
var varAutoFirePV = 1; var varClickTracking = 1; var varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write(" t.getElementsByTagName('head')[0].appendChild(m);" onload="var m=document.createElement('meta');'ms.dqp0';m.content='false';document.getElementsByTagName('head')[0].appendChild(m);" src="">