Showing posts with label Access-based Enumeration. Show all posts
Showing posts with label Access-based Enumeration. Show all posts

Friday, 5 September 2008

Server Core - installing and enabling Access-Based Enumeration

For us and our clients, we absolutely require Access-Based Enumeration (ABE) to be installed on every file sharing server and enabled on every network shared folder.

It is mission critical because ABE hides any folders a user does not have permission to access no matter what method they use to access the file sharing server.

Out of sight, out of mind ... to a degree. ;)

Now, for some of our clients, and for ourselves, we are migrating our file servers to Windows Server 2008 Standard x64 Server Core installations. Performance improvements over Win2K3 Standard GUI install for older hardware with a hard drive refresh is impressive.

Running the install is pretty straight forward:


Access Based Enumeration Install on Server Core

As we are running through the install routine, something to keep in mind: We have no direct GUI on the Server Core box to bring up the folder's properties and manually enable ABE:

Win2K3 Full - ABE Folder Properties

As a result, when we are running through the ABE install on Server Core, we need to do the following:

ABE Installation - Enable Access-based Enumeration by default

Once the ABE install is complete, create your file shares, set permissions either via the command line on the Server Core box, another Win2K8 box, or via RSAT enabled Vista SP1.

More on ABE:

Note that SBS 2008 has ABE installed by default with permissions managed from within the SBS 2008 consoles!

Server Core Rocks! :D

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Posted by Philip Elder Cluster MVP at 07:01 0 comments
Labels: , , ,

Monday, 5 February 2007

SBS - Windows Server 2003 Access-based Enumeration

When there is a need to have folders in the general company share hidden from users with no permission to access them, we use Windows Server 2003 Access-based Enumeration.


This tool installs onto the server, and uses the Security ACL permissions to determine who is allowed to see the folder listed in their Windows Explorer or command line directory listing.


When installing the tool, one has the choice to enable enumeration on all shares, or choose to enable it on individual shares later on. I always choose the manual option.


Once installed, you will find a new tab in your folder properties window.




Once clicked on, you are presented with the option to enable enumeration on the folder.


Once enabled, only those users that have permission to access the folder will see it in their Explorer. This goes for folders listed in the Network Neigbourhood/My Network Places listings on the server.

The documentation can be found here on Microsoft's site.


The actual download can be found here. Note the different downloads for different processor architectures.

Happy SBSing!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Posted by Philip Elder Cluster MVP at 10:38 0 comments
Labels: , , , , ,
Subscribe to: Posts (Atom)