Storage Tips: Access-Based Enumeration Hidden Secrets (no pun intended)
Published Apr 10 2019 01:44 AM 1,205 Views
Iron Contributor
First published on TECHNET on Oct 09, 2008
Access-based Enumeration allows users to list only the files and folders to which they have access when browsing content on the File Server. ABE was first introduced in Windows Server 2003 Service Pack 1, eliminating the confusion of connecting to a file server and seeing a large number of files that users don’t have access to.

Some quick information on ABE can help you understand when and how to use it:

1. ABE is not supported for use with DFS Namespaces to hide DFS links. However, ABE can be used with DFS to hide the files in the folders within the DFS Shares.

2. ABE does not hide shares. ABE hides content in a share based on user access rights. When ABE is enabled on a share, a user will only see the content that they have access to in the share.

3. ABE doesn't have effect on the users with the Backup files and folders right. Any user who has the Backup files and directories right will see all files in a shared directory. This is necessary so that backup programs can backup all files in the directory.

4. The Users can view (but not modify) the contents of other user's folders to which they have no permissions if the files have been marked for Offline access and the workstation is removed from the network.

More information:

How to implement Windows Server 2003 Access-based Enumeration in a DFS environment
Windows Server 2003 Access-based Enumeration
Windows Server 2003 Access-based Enumeration Download Tools

David Shen

Version history
Last update:
‎Apr 10 2019 01:44 AM
Updated by: