Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 489
  • Last Modified:

Windows 2008 Access Based Enumeration

We have a Windows 2008 Active Directory environment with Windows 7 workstations.  We have a shared drive at the root of the share, the users have Read attributes, Read extended attributes and List.  Within this folder, are folders assigned to different groups.  When a user logs in, he has access to the contents within the folder which he has rights to but he can see all of the other folders.  For example, at the root folder the AllStaff group has the three rights within the folder each other is assigned rights only to the appropriate group and domain admins.  Inherited rights were not allowed to propagate to the sub folders. When he doubles clicks on one of then, a message is displayed indicating that the folder is no longer available.  We have checked the ABE box from the File and Sharing area of the Fileserver Role.  Is it correct that the only folders visible should be the ones to which a user has explicit rights?   Are we missing something?  Thanks for any help.
0
cssunetadmin
Asked:
cssunetadmin
1 Solution
 
lucifer82Commented:
Hi cssunetadmin,

Yes Access Based Enumeration removes the folders and files that users doesn't have have any right to.

This feature is good if your folder structure is large and want to speed up the users browsing through the folders.

However some users may still prefer to see the directory even if they don't have rights to access just to make sure that folder and files are there.
0
 
cssunetadminAuthor Commented:
Maybe my question wasn't clear- it isn't working as designed.  Even though we have implemented ABE, the folders to which the user has no permissions still show.
0
 
BxozCommented:
Can you check the group of an user with WHOAMI to be sure that they are not in a group they shouldn't

You can also check with the AccessChk Sysinternals Tool
http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx

Check also the result of an dir /s

http://blog.vmpros.nl/2009/03/17/microsoft-windows-server-2008-access-based-enumeration/
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now