Announcement

Collapse
No announcement yet.

Access-based Enumeration doesn't work

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Access-based Enumeration doesn't work

    Hi,

    I was wondering if i could get some help here. I was doing a bit of exercise on the file sharing permission with a shared folder on the server.

    I created two folders, test1 and test2. The "test1" folder is meant for "domain power user" to access while "test2" is for "mobile users". Anyone with Administrator right has permission to access both the folders.

    Then, i learnt that windows SBS 2003 does provide Access-based Enumeration feature that makes visible only those files or folders that the user has the rights to access. It says windows will not display files or folders that the user does not have rights to access.

    I have enabled this ABE on both test1 and test2 but i could still see the folder "test1" when i log on as a user that has "mobile user" permission. What's happening here? have i missed out on anything? what should i do in order to have ABE to work for me?

    Thank you in advance

  • #2
    Re: Access-based Enumeration doesn't work

    There is nothing special here to SBS as it behaves EXACTLY like Windows 2003 Server. So I am moving this post to that forum where you will get wider exposure.
    TIA

    Steven Teiger [SBS-MVP(2003-2009)]
    http://www.wintra.co.il/
    sigpic
    Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

    We donít stop playing because we grow old, we grow old because we stop playing.

    Comment


    • #3
      Re: Access-based Enumeration doesn't work

      Originally posted by associates View Post
      I have enabled this ABE on both test1 and test2 but i could still see the folder "test1" when i log on as a user that has "mobile user" permission. What's happening here? have i missed out on anything? what should i do in order to have ABE to work for me?

      Thank you in advance
      ABE works only when you access the data from a share. If you are trying to look at the data locally (Windows Explorer on the file server itself) ABE will not help you there.
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"

      Comment


      • #4
        Re: Access-based Enumeration doesn't work

        Thank you, Guyt, for your reply.

        Hmm... I think i access the data from a share. Those data are actually in a shared folder on the server. I have a network with 6 computers and a server. We usually keep all the files on the server and just open it whenever we need to work on it. Hence, i do not try to look at the data locally.

        I actually tested it with my laptop. I can access to the files on the server from my laptop using my login credential with no problem.

        Anyway, this is how i set up the shared folder on the server.

        I have a shared folder called "Kimberley" sitting on the SERVER. At the
        moment, everyone can access to it. It has sub-folders as follows

        C:\Kimberley that has the following setting configuration
        Share Permission
        =======
        "Everyone(Full Control) and Staff Admin(Full Control)"
        Security
        =====
        Administrator (Full Control), Creator Owner(only Special Permission), Mobile
        Users(everything except Full Control), System(Full Control), Users(Read,
        Write Execute).

        C:\Kimberley\Management (ONLY members of Power Users)
        Share Permission
        ===========
        Administrator(Full Control), Domain Power Users(Full Control)
        Security
        =====
        Administrator(Full Control), Domain Admin(same as Administrator), Domain
        Power Users(same as Administrator)

        After all these, i enabled the Access-based Enumeration for
        "C:\Kimberley\Management". The "Kimberley" shared folder does not have
        Access-based Enumeration enabled. Next, i tested it by logging on as a user
        that's a member of "Mobile users" to a computer and i still saw the folder
        "Management" at "C:\Kimberley".

        i wonder if you could show me some help here.

        Thank you in advance

        Comment

        Working...
        X