Discussion:
How To for Access Based Enumeration?
(too old to reply)
Mark Olbert
2008-09-20 16:22:03 UTC
Permalink
Like apparently quite a few others, I'm having trouble getting access based enumeration to work. This is using a DFS setup on Server
2008 (standard). Basically, all the "component" shares in the DFS share I set up are visible to all users all the time. They can't
access folders they don't have rights to, but the folders themselves are still visible.

Is there an "official" how to for setting the permissions correctly? I gather one has to be careful about what permissions are
granted to both the share and the links in the DFS root. But I'm not clear on just what they should be.

- Mark
Phillip Windell
2008-09-22 13:28:46 UTC
Permalink
They can't access folders they don't have rights to, but the folders
themselves are
still visible. Is there an "official" how to for setting the permissions
correctly?
It already is correct. "Visible" is not "access". They will be visible.
--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Mark Olbert
2008-09-22 14:26:16 UTC
Permalink
FWIW, that's not what the ABE documentation says.

- Mark
Post by Phillip Windell
They can't access folders they don't have rights to, but the folders
themselves are
still visible. Is there an "official" how to for setting the permissions
correctly?
It already is correct. "Visible" is not "access". They will be visible.
Phillip Windell
2008-09-22 14:41:46 UTC
Permalink
Post by Mark Olbert
FWIW, that's not what the ABE documentation says.
Don't even know what ABE is.
--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Mark Olbert
2008-09-23 00:20:14 UTC
Permalink
ABE = Access Based Enumeration.

A system whereby the objects a user even sees are based on his/her access rights. If you don't have read access, you don't even get
to see the object when a directory is enumerated for display.

- Mark
Post by Phillip Windell
Post by Mark Olbert
FWIW, that's not what the ABE documentation says.
Don't even know what ABE is.
Phillip Windell
2008-09-23 16:12:44 UTC
Permalink
Post by Mark Olbert
ABE = Access Based Enumeration.
A system whereby the objects a user even sees are based on his/her access
rights. If you don't have read access, you don't even get
to see the object when a directory is enumerated for display.
Ok, I see.

Well in the ten years I've been working with this,..I have never seen
Windows follow ABE. Users could see shares listed even if they had no
permissions to them, but the could not open them of course. As far as
Folders they could always see the *first level* of folders that were
"inside" the Folder they were in,...but they could see anything below those
because to do so would mean they would have the actually enter one of the
Child folders which they could not do. I do not see an permission called
"visible". Maybe an explicit "deny" would do something,..I don't know I
have never tried using that.
--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Phillip Windell
2008-09-23 16:39:27 UTC
Permalink
Post by Phillip Windell
"inside" the Folder they were in,...but they could see anything below those
Meant "...could *not* see anything..."
--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Continue reading on narkive:
Loading...