Prior to ABE (Access-Based Enumeration), a user who had access to a share could see all the shares sub-folders, even if they didn't have permission to read the sub-folder.
If you enable ABE on a share, users who don't have permission to read a sub-folder will NOT be able to see the sub-folder when they enumerate the share.
NOTE: See Windows Server 2003 Access-based Enumeration tool. NOTE: If you have redirected user folders at \\ServerName\Users, you can hide the other user's folders by enabling ABE on the share:
shrflags \\ServerName\Users /abe true /forreal
When I type shrflgs /?, I receive:
ShrFlgs V01.00.01cpp Joe Richards ([email protected]) February 2005 Usage: ShrFlgs \\server\share \[switches\] server Server to work with. share Share name to work on. If '.' is specified, ShrFlgs will enumerate all shares and display or update them. Switches: (designated by - or /) -forreal Really make changes. -noadmin Don't display admin shares. -abe (true|false) Set/clear access-based enumeration. -afd (true|false) Set/clear allowed forced delete. -nscache (true|false) Set/clear Namespace caching. -exclopen (true|false) Set/clear allow exclusive open. -csc xxx Set client side caching mode. Valid values for xxx: none - No offline caching auto - All files opened by user will be cached. manual - User selected files will be cached. vdo - All files opened by user will be cached, optimized. Note: Access-based enumeration requires at least Windows 2003 SP1. You will not get an error on earlier OS'es if you try to set ABE, it simply will not be set. Ex1: shrflags \\server\sh1 Display current settings for share sh1 on server Ex2: shrflags \\server\. Display current settings for all shares on server Ex3: shrflags \\server\sh1 /abe true /forreal Set access-based enumeration on share sh1 on server Ex4: shrflags \\server\. /abe true /forreal Set access-based enumeration on all disk shares on server Ex4: shrflags \\server\sh1 /abe false /forreal Set legacy enumeration on share sh1 on server This software is Freeware. Use it as you wish at your own risk. I do not warrant this software to be fit for any purpose or use and I do not guarantee that it will not damage or destroy your system. If you have improvement ideas, bugs, or just wish to say Hi, I receive email 24x7 and read it in a semi-regular timeframe. You can usually find me at [email protected]Press the Download button on the following Web page:
0 comments
Hide comments