Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 210
  • Last Modified:

ABE (Access Based Enumeration) WSE2012

Hi,

I have turned on the ABE on a shared folder.
Unfortunately, despite removing the selected user for the security & sharing permissions, the share is still visible to those who shouldn t see it?

Any ideas why?

Thanks
0
defrey
Asked:
defrey
  • 3
  • 2
1 Solution
 
rhandelsCommented:
As far as my understanding goes ABE only works on NTFS permissions not on share permissions. If you don't want users to see a specific share share it hidden (using the $ sign at the end of the share name).

Also, normally, in basic NTFS security setting, the everyone group has full control on share level (or read/write) and permissions are set on NTFS level, meaning they are able to see the share.
0
 
Wilder_AdminCommented:
Hi defrey,
ABE is not belonging to the sharing permissions. Only to the NTFS Security.

Here an example:


We have a share on a server : \\srv-file01\SHARE
This share contains some folders
\\srv-file01\SHARE\FOLDER1
\\srv-file01\SHARE\FOLDER2
\\srv-file01\SHARE\FOLDER3

I apply ABE on \\srv-file01\SHARE and set NTFS permission on each subfolder (USER1 for FOLDER1, USER2 for FOLDER2, ...)

I log in a client with USER1 and browse \\srv-file01\
I see  \\srv-file01\SHARE. I enter it and I see only FOLDER1

Now I share FOLDER3 with everyone full control on share permission.
I log with USER1 and browse \\srv-file01\
Now I see 2 shares : \\srv-file01\SHARE and \\srv-file01\FOLDER3
If I enter in SHARE, I always see only FOLDER1
If I try to enter in FOLDER3, I have an access denied.

Now I share FOLDER3 with only administrator full control on share permission.
I log with USER1 and its the same as previous.

So we can conclude that Share Permission doesn't have any effects on ABE.
You can hide a share with ABE if you apply ABE on a top share but the share can still been viewed when browsing the server.
If you want to hide this sub-share from browsing the server, use SUBSHARE$

Hope this makes it clear what to do to solve
0
 
defreyAuthor Commented:
Wow, thank you so much!

What do you mean by subshare$?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Wilder_AdminCommented:
That means you should share the subfolders with the $. With that you can remove them from browsing the server view.
0
 
defreyAuthor Commented:
Hmmmm not sure if I understand that correctly. Could you please show me an example? Thanks
0
 
defreyAuthor Commented:
got it! : - )
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now