2-12: Prevent Users from Seeing What They Cannot Access

Solution overview

Type of solution

Guidance

Features and tools

Access-based Enumeration (ABE)

Solution summary

The Windows Server 2008 file server role includes ABE, which enables you to hide from users the folders and files that they cannot access in a shared folder.

Benefits

Decreased help desk calls, and a security-trimmed view of shared folders

Introduction

On a traditional Windows folder, the List Folder Contents and Read Attributes permissions enable a user to see what the folder contains. The user sees all files and subfolders, whether or not the user can actually open those objects. The ability to open the object itself is managed by the Read or Read & Execute permissions.

When I began providing ...

Get Windows® Administration Resource Kit: Productivity Solutions for IT Professionals now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.