By default, all folders and files will be listed when access
specific share path, even if the browsing user doesn’t have permissions on
those shares.
Access-based enumeration is Windows Server feature which
causes the server to display only the files and folders that a user has
permissions to access. Once ABE is enabled on the share, users will only see
those folders for which they have access.
This feature is active only when viewing files and folders
in a shared folder; it is not active when viewing files and folders in the
local file system.
Just FYI
ABE is not a security feature (it’s more of a convenience
feature)
Now let’s jump into the Lab and see how it works.
Define permissions on target folders, I created two folders
for User1 and User2 and i restricted their NTFS permissions specific to users.
Now create share via “file and Storage Service”
Specify folder location, where your users’ folders are
located.
Configure the Share Name
Enable Access-Based Enumeration to use ABE feature.
Create Share and publish it for the users.
We almost done, let see how it work from user desktop.
Login User1 computer and access share \\10.10.10.1\user_share
Wow!, now lets check , what happen if user 2 logged in.
OK now all look good, and we found user views are confined
based on their permissions.
So far,
we are working with individual file server. Now we will try to use this feature
into DFS. Let see how it work if we integrate them into DFS.
Let me create DFS Namespace
and configure target.
I have created Name Space called “Common_Share” and Enabled
ABE on the “Name Space”
Let me link the User Share on DFS.
OK all settled now login User1 Computer, and Access Share by
using DFS Name.
OK, nice to see the result. Let’s check the user 2 as well.
***************Happy Learning*************
No comments:
Post a Comment