Access-Based Enumeration in Windows Server

April 4, 2008

in Windows

You remember Access Based Enumeration right? I’m often surprised by people who didn’t know this features exists, so here’s refresher.

Access Based Enumeration is the add-on to Windows Server 2003 and included in Windows Server 2008 that controls the display of files and folders in remote shares based on user-rights. This is the tool that helps you create dynamic Start Menus for Terminal Servers or turn a user home share view from this:

ABEShareBefore

into this:

ABEShareAfter

It’s also especially good for those common file shares that everyone has access but are full of folders they can’t access.

To use ABE in Windows Server 2003, you’ll need to download and install the installer for Windows 2003 Service Pack 1 and above. You can then enabled access-based enumeration on each share:

AccessBasedEnumeration2003

For Windows Server 2008, ABE is built in and you can enable it by opening the Share and Storage Management MMC to view your list of shares, open the properties for the target share, click Advanced and add the tick to Enable access-based enumeration.

AccessBasedEnumeration2008

Nice and easy, so stop reading this post and going and enable ABE now.. Here’s more on ABE if you’re interested:

Tagged as: Access-Based Enumeration, Windows-Server

{ 1 trackback }

{ 5 comments }

1 Jason April 4, 2008 at 7:39 pm

ABE is actually included and fully functioning (although not enabled on any shares) in Windows 2003 SP1+. The download above just adds a GUI and command-line to control it. There are other ways to enable it; e.g., via a script that modifies the properties of the share.

A seemingly minor point, I know. But worth pointing out IMHO.

2 T Man April 4, 2008 at 7:53 pm

I was always kind of amazed that it took this long to get this feature in Windows. Netware 3 had it. But I’m glad it’s here.

3 Aaron Parker April 4, 2008 at 8:35 pm

@Jason, I was going to mention that but thought better of it for some reason.
@T Man, I started out on NetWare 3.12. Surely customers had been asking Microsoft for this feature well before they implemented it. Perhaps it just missed 2003 RTM so had to wait for SP1.

4 Dylan April 5, 2008 at 2:38 am

Just out of interest Aaron, how were you going to use this to create dynamic Start Menus for Terminal Servers – since the way I understand it you can only use it on shared folders.

Are you redirecting the start menu to a network share?

- Dylan

5 Aaron Parker April 6, 2008 at 10:31 pm

Hi Dylan, I’ve just finished creating a post on the subject, check it out here.

Comments on this entry are closed.

Previous post:

Next post: