I'm having trouble coming up with a solution to this one, maybe because I don't know enough about how Windows ACLs work.
I have two folders, let's call them Directory A and Directory B. These are contained within another directory.
The users that are supposed to see Folder B are in an AD group: Group B. It's not practical to put everyone else in a different group - this is for just a few out of 1000 users.
I just want the users who are in the group to see Folder B, and Everybody Else to just see Folder A.
How should I set up my permissions?
(In case this is relevant, these folders are for Start Menu shortcuts for users whose Start Menu is redirected to a network location via GP.)
It sounds like you need Access-based enumeration, which is a fancy way of saying "if you don't have access to it, you can't see it".
See here.
So far as I'm aware, you can't use permissions to determine which folder a group can see. You can use Deny to keep a group from accessing the folder, but it'll still be visible.
In the advanced security settings for folder B turn off inheritance. Create a group for the folder B users. Assign this group rights to the folder.
So you would give read access to AD group B and remove all other groups. Then you would allow all read for folder A.
Do you need group B not to see folder A?
Maybe, only grant Group B for folder B, and deny Group B for Folder A. All groups should be assigned on the parent folder.
Hope it helps.
What you want is the Access Based Enumeration feature in Server 2008 or 2008 R2; it will allow you to hide a folder from a user as you have requested.
See MVP Blog post for more info.
Also, you can install the ABE add-on for Server 2003 if you're not running Server 2008.
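The setup the answers above describe (inheritance turned off on Folder B, read access for Group B only, Access-based enumeration on the share), written out as an added PowerShell example that is not part of any original answer. The paths, the domain and the share name are hypothetical, keeping Administrators on the folder is an assumption so it stays manageable, and `Set-SmbShare` assumes Server 2012 or later (on Server 2008, ABE is enabled in the share's properties instead).

```powershell
# Run elevated on the file server. All names below are hypothetical placeholders.
$folderB   = 'D:\StartMenu\Directory B'
$groupB    = 'CONTOSO\Group B'
$admins    = 'BUILTIN\Administrators'   # assumption: admins keep control
$shareName = 'StartMenu'

$acl = Get-Acl -Path $folderB

# Turn off inheritance on Folder B. The second argument ($false) discards the
# inherited entries instead of copying them as explicit ones, so the parent's
# "everyone can read" entry no longer applies here.
$acl.SetAccessRuleProtection($true, $false)

# Remove any explicit entries that were already on the folder.
$explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
foreach ($rule in $explicit) {
    [void]$acl.RemoveAccessRule($rule)
}

# Grant read access to Group B only, applied to subfolders and files as well.
$readRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $groupB, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$adminRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $admins, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($readRule)
$acl.AddAccessRule($adminRule)

Set-Acl -Path $folderB -AclObject $acl

# Folder A is left alone: it keeps the read access inherited from the parent.

# Access-based enumeration is a property of the share, not of the folder.
# With it on, users with no read access to Folder B do not see it listed.
Set-SmbShare -Name $shareName -FolderEnumerationMode AccessBased -Force

# Check the result: no inherited entries on Folder B, ABE on for the share.
(Get-Acl -Path $folderB).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited
Get-SmbShare -Name $shareName | Select-Object Name, FolderEnumerationMode
```

No Deny entry is involved: users outside Group B simply have no entry on Folder B, and ABE hides what they cannot read.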