Windows File System Troubleshooting by Andrew Bettany & Mike Halsey

Author:Andrew Bettany & Mike Halsey
Language: eng
Format: epub
Publisher: Apress, Berkeley, CA

Access-Based Enumeration (ABE)

Ever since Windows NT, one of the criticisms of Windows is that users are able to “see” shared files and folders on the file server. If users encounter a file or folder that they are not entitled to access, then NTFS permissions will control and restrict actual access to the object. Other operating systems, such as Novell NetWare, would only allow users to “see” the existence of resources that they had permission to access.

Some administrators seek to hide folders that are not relevant to users by careful folder hierarchy design and extensive permission management.

Access-based enumeration, which is included as a feature within the file server role since Windows Server 2008 (previously this was a separate download for Windows Server 2003 SP1, and, therefore, it was not widely deployed), allows sysadmins to correct this situation and forces Windows to evaluate each and every shared object, to ensure that resources are effectively hidden from users, unless they have at least the Read permission on the resource.

ABE can be utilized for the whole file server, or deployed only on specific file shares, though it is not enabled by default when you provision a new shared folder, as shown in Figure 4-5.

Figure 4-5Configuring ABE on a server-based shared folder

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.