I have a network share folder that I was recently cleaning up permissions to. I took off the four individual names from the access permissions to the folder, and added a new security group (Universal) with standard Read/Write permissions to that folder, then added those 4 people to the group.

However... now nobody can see the folder. The users can see the other 9 folders in that shared drive, but the 10th is missing. I cannot see any security permission in the parent folder or in the folder itself which would cause it to be invisible to anyone, regardless of whether they have permission to open it or edit files within.

Edit: The file server (unlike the Exchange and DC) is Server 2008. Apologies for the incorrect information previously, I had not actually remoted into the file server directly before. However, for the share in question Access Based Enumeration is disabled.

Edit 2: As noted in a comment below, ABE was enabled. Confusingly, someone set up the shared area for the site using nested shares... \server\share\shareA\folders. While 'share' did not have ABE enabled, 'shareA' did. My lack of in-depth knowledge of the configuration delayed accurate diagnosis of the issue.


You may be encountering Access Based Enumeration. Basically, if your user account does not have read permission on a directory, it is hidden from view.

As already mentioned, this is because you removed the users explicitly defined access and replaced it with a group, and the affected users logon tokens do not include the new group they are a member of. A simple logoff/logon should refresh the logon token to include this new group and make the directory visible in Windows Explorer.


For the permissions to the group to take effect you need to have them log off and log back in. If you haven't done this they will be unable to view the folder because their account is not linked to the group yet.


Have the users relogin to the workstation. This will update their token with the new group membership.