Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 210
  • Last Modified:

ABE (Access Based Enumeration) WSE2012


I have turned on the ABE on a shared folder.
Unfortunately, despite removing the selected user for the security & sharing permissions, the share is still visible to those who shouldn t see it?

Any ideas why?

  • 3
  • 2
1 Solution
As far as my understanding goes ABE only works on NTFS permissions not on share permissions. If you don't want users to see a specific share share it hidden (using the $ sign at the end of the share name).

Also, normally, in basic NTFS security setting, the everyone group has full control on share level (or read/write) and permissions are set on NTFS level, meaning they are able to see the share.
Hi defrey,
ABE is not belonging to the sharing permissions. Only to the NTFS Security.

Here an example:

We have a share on a server : \\srv-file01\SHARE
This share contains some folders

I apply ABE on \\srv-file01\SHARE and set NTFS permission on each subfolder (USER1 for FOLDER1, USER2 for FOLDER2, ...)

I log in a client with USER1 and browse \\srv-file01\
I see  \\srv-file01\SHARE. I enter it and I see only FOLDER1

Now I share FOLDER3 with everyone full control on share permission.
I log with USER1 and browse \\srv-file01\
Now I see 2 shares : \\srv-file01\SHARE and \\srv-file01\FOLDER3
If I enter in SHARE, I always see only FOLDER1
If I try to enter in FOLDER3, I have an access denied.

Now I share FOLDER3 with only administrator full control on share permission.
I log with USER1 and its the same as previous.

So we can conclude that Share Permission doesn't have any effects on ABE.
You can hide a share with ABE if you apply ABE on a top share but the share can still been viewed when browsing the server.
If you want to hide this sub-share from browsing the server, use SUBSHARE$

Hope this makes it clear what to do to solve
defreyAuthor Commented:
Wow, thank you so much!

What do you mean by subshare$?
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

That means you should share the subfolders with the $. With that you can remove them from browsing the server view.
defreyAuthor Commented:
Hmmmm not sure if I understand that correctly. Could you please show me an example? Thanks
defreyAuthor Commented:
got it! : - )

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now