Windows 2008 Access Based Enumeration

Posted on 2012-08-17
Last Modified: 2013-04-22
We have a Windows 2008 Active Directory environment with Windows 7 workstations.  We have a shared drive at the root of the share, the users have Read attributes, Read extended attributes and List.  Within this folder, are folders assigned to different groups.  When a user logs in, he has access to the contents within the folder which he has rights to but he can see all of the other folders.  For example, at the root folder the AllStaff group has the three rights within the folder each other is assigned rights only to the appropriate group and domain admins.  Inherited rights were not allowed to propagate to the sub folders. When he doubles clicks on one of then, a message is displayed indicating that the folder is no longer available.  We have checked the ABE box from the File and Sharing area of the Fileserver Role.  Is it correct that the only folders visible should be the ones to which a user has explicit rights?   Are we missing something?  Thanks for any help.
Question by:cssunetadmin
    LVL 7

    Expert Comment

    Hi cssunetadmin,

    Yes Access Based Enumeration removes the folders and files that users doesn't have have any right to.

    This feature is good if your folder structure is large and want to speed up the users browsing through the folders.

    However some users may still prefer to see the directory even if they don't have rights to access just to make sure that folder and files are there.

    Author Comment

    Maybe my question wasn't clear- it isn't working as designed.  Even though we have implemented ABE, the folders to which the user has no permissions still show.
    LVL 6

    Accepted Solution

    Can you check the group of an user with WHOAMI to be sure that they are not in a group they shouldn't

    You can also check with the AccessChk Sysinternals Tool

    Check also the result of an dir /s

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Want to promote your upcoming event?

    Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

    Are you having trouble running ADPREP on your current 32-bit Domain Controller? Have you ran ADPREP multiple times on your Domain but still get an error stating you have not prepared your Domain yet? Here is a change that gets even the most seaso…
    I have been working as System Administrators since 2003. I recently started working as a FreeLancer and was amazed to find out that very few people are taking full advantage of their Windows Server Machines. Microsoft Windows Server comes with so…
    This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now