Asked by whoam

Access Based Enumeration 2008 - different from different share instances

I have, or so I thought, limited enumeration based on NTFS. The shared folder in question is hung off a server and uses two instances, \\server\new shared\ and \\server\newshared\, for the same folder. Note the instance names differ by the presence or lack of a space.

If a user hits the “new shared” with a space, their view is limited based on NTFS perms. Folders to which they have no permission are not seen. However, if a user hits “newshared” with no space, they can see all the folders contained. They are still prevented from accessing the subfolders, as they should be, by NTFS, but now they can see them.

Share level permissions for “New Shared” are Authenticated Users, Domain Users, and Administrators (local), all full control. The share level permissions for “NewShared” are Authenticated Users, Domain Admins, and Domain Users, again all full control.

As the GPO shared drive mapping is through “new shared” I’m probably going to just kill the “newshared” instance, but I would like to understand. The mapping GPO is set to “Run in logged on user’s security context”, Show this drive, show all drives, reconnect, with a designated drive letter mapped to “New Shared”.

Clients are Win7-32. Server is 2008R2 with file server and print server roles.

Tags: Windows Server 2008, Microsoft Server OS, Windows 7
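
Access-based enumeration is a flag stored on each share, not on the folder, so two shares that publish the same path can list it differently. The following audit is an added example, not part of the original post: it reads each disk share's flags with NetShareGetInfo (level 1005) and reports folders whose shares disagree on ABE. The helper name Get-ShareAbeState is hypothetical, and it assumes PowerShell 2.0 or later with rights to query the file server.

```powershell
# Added example: find folders published through several shares whose
# access-based enumeration (ABE) settings differ.
# NetShareGetInfo level 1005 returns the share flags as one DWORD;
# 0x0800 is SHI1005_FLAGS_ACCESS_BASED_DIRECTORY_ENUM.
Add-Type -Namespace Native -Name NetApi -MemberDefinition @'
[DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
public static extern int NetShareGetInfo(string server, string share, int level, out IntPtr buf);
[DllImport("netapi32.dll")]
public static extern int NetApiBufferFree(IntPtr buf);
'@

function Get-ShareAbeState {    # hypothetical helper name
    param([string]$ComputerName = $env:COMPUTERNAME)

    # Type 0 = ordinary disk shares (skips admin shares, IPC$ and printers)
    Get-WmiObject Win32_Share -ComputerName $ComputerName -Filter 'Type = 0' |
        ForEach-Object {
            $buf = [IntPtr]::Zero
            $rc  = [Native.NetApi]::NetShareGetInfo("\\$ComputerName", $_.Name, 1005, [ref]$buf)
            if ($rc -ne 0) {
                Write-Warning "$($_.Name): NetShareGetInfo failed with error $rc"
                return    # skip this share, continue with the next one
            }
            try {
                # SHARE_INFO_1005 is a single DWORD: shi1005_flags
                $flags = [Runtime.InteropServices.Marshal]::ReadInt32($buf)
            } finally {
                [void][Native.NetApi]::NetApiBufferFree($buf)
            }
            New-Object PSObject -Property @{
                Name = $_.Name
                Path = $_.Path.TrimEnd('\').ToLower()    # normalise for grouping
                ABE  = [bool]($flags -band 0x0800)
            }
        }
}

# Keep only folders where at least one share has ABE on and another has it off.
Get-ShareAbeState | Group-Object Path | Where-Object {
    @($_.Group | ForEach-Object { $_.ABE } | Sort-Object -Unique).Count -gt 1
} | ForEach-Object { $_.Group | Sort-Object Name | Select-Object Name, Path, ABE }
```

Any folder this returns is enumerable in full through the share showing ABE as False, regardless of the setting on its sibling share.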

Last Comment
Steve Whitcher

8/22/2022 - Mon
Steve Whitcher
