Totally forgot to blog about this:
Two of my articles got published in the German Magazine IT-Administrator
in March and April. Both cover DNS, the first one in March goes into the basics and elements of DNS, and how to troubleshoot DNS. The second article in April explains different Methods of integrating an Active Directory and DNS, and shows how to administer DNS using the command line or scripts.
In the past I've published an announcement of my articles also on www.windowsserverfaq.de
, however I'm currently in a migration to another webhoster and completely new technology (very exciting - it'll be so cool) so I'm not spending much time updating the current site.
Remember Access-based Enumeration (ABE)
? I posted about it a short time ago. ABE will hide the folders and files underneath a share if the user who is mapped to the share has no permissions to read them. It's really great to "clean up" your fileservers for your users - they only have to bother about data they are able to access.
However, I've received a few questions about ABE. First of all - the tool to configure it - ABETool.exe - wasn't published with the final release of Service Pack 1. It will be available as download and will be published on microsoft.com together with a Whitepaper explaining ABE. Right now you can either programmatically change the share properties with the provided API, or use the ShareFlags-Tool (ShrFlgs) from Joe Richards
. I have no information about the promised option to configure it in the GUI, maybe it will be in the same download - we'll see as soon as it's published.
ABE will hide Folders and Files, and will do it not only in the parent folder but also in subfolders. There may be a bit slower performance since enabling ABE means that the server has to validate the rights on files/folders underneath the current folder when opening it - without ABE there's no reason to do so because as long as you have sufficient permissions on the parent folder you'll see everything underneath. I don't expect that much of a performance issue, but real life will tell us soon.
Here's a example of ABE - the top two pictures are the view of a user who has only read rights on the ACC-Folders and ACC.TXT-Files, the bottom two pictuers are the view of an Administrator (yes - ABE applies to users only, and only remotely via the share where ABE is enabled. If the user is logging on locally or over a different share without ABE he'll see everything.