Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Windows 2008 Access-Based Enumeration

Posted on 2012-09-08
Medium Priority
Last Modified: 2012-09-08
I am trying to get the windows 2008 Access-Based Enumeration working with NO luck.

I have created a share using the MMC  Share and Storage Management.
Test user =  Jtesting
Domain membership  = Domain users
Provision Share
Physical location e:\Jayson
Share name =  hidden

Permissions are full control Domain Admins

When accessing the shares from a windows xp machine as user jtesting I  expect Not to see the folder  “Hidden” .  however I am seeing the folder as screen shot Folder indicates.  The test user has no access to the folder.  

So how do I prevent the users from seeing the folders.  Have I missed a step in the setup?
MMC starting pointhiddenhidden advhiddent ntfshidden sharejtesting domain membershipshared folders from workstaiton
Question by:JaysonJackson
LVL 86

Accepted Solution

oBdA earned 2000 total points
ID: 38379779
Access Based Enumeration does not hide the share that has ABE enabled; it hides folders inside that share for which the users has no access.
So currently, the test user may be able to see the share, but he should not be able to access it.
To test ABE, create a share for which the user has permissions, then create one subfolder inside that share for which he does have permissions, and one for which he does not have permissions. When the test user changes into the shared folder, he should only see the one folder he has permissions for.
Note that "hiding" the share by adding a "$" to the share name does not hide the share, either. The "$" is the server's wish to the client(!) to not show that share when listing shared resources, but it's up to the client whether it respects this or not. There have always been tools to show those "hidden" shares, and since Windows Vista, "net view" supports the argument "/all", which will show hidden shares of a server as well.
Note, too, that ABE will never apply to users with local administrator permissions on the machine hosting the share, even of this administrator account may not have permissions on a folder. Administrators are always exempt from ABE.

Author Closing Comment

ID: 38380067
Thanks for the great feedback.  this helps quite a bit. thanks again.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question