Remember
Access-based Enumeration (ABE)? I posted about it a short time ago. ABE will hide the folders and files underneath a share if the user who is mapped to the share has no permissions to read them. It's really great to "clean up" your fileservers for your users - they only have to bother about data they are able to access.
However, I've received a few questions about ABE. First of all - the tool to configure it - ABETool.exe - wasn't published with the final release of Service Pack 1. It will be available as download and will be published on microsoft.com together with a Whitepaper explaining ABE. Right now you can either programmatically change the share properties with the provided API, or use the
ShareFlags-Tool (ShrFlgs) from Joe Richards. I have no information about the promised option to configure it in the GUI, maybe it will be in the same download - we'll see as soon as it's published.
ABE will hide Folders and Files, and will do it not only in the parent folder but also in subfolders. There may be a bit slower performance since enabling ABE means that the server has to validate the rights on files/folders underneath the current folder when opening it - without ABE there's no reason to do so because as long as you have sufficient permissions on the parent folder you'll see everything underneath. I don't expect that much of a performance issue, but real life will tell us soon.
|
Here's a example of ABE - the top two pictures are the view of a user who has only read rights on the ACC-Folders and ACC.TXT-Files, the bottom two pictuers are the view of an Administrator (yes - ABE applies to users only, and only remotely via the share where ABE is enabled. If the user is logging on locally or over a different share without ABE he'll see everything. |
|