Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Access-based Enumeration question.

Status
Not open for further replies.
TomLet

TomLet

MIS
Nov 28, 2001
56
US
Hello all,

Is anybody using Access-based Enumeration? I installed it but cannot seem to get it working correctly. How are the permissions supposed to be set in share & security? I set share for user(full control) and removed everyone completely and set security to user(full control) and removed everyone anfter shutting off inheritable permissions for the folder and it is still visible on the network to other users. Any ideas.

Thank you,

Tom
 
Sort by date Sort by votes
I am using ABE. Works great for me. It goes by the ACL on the folders (NTFS permissions)
 
Upvote 0 Downvote
So you do a root share and set the NTFS ACL on the sub-folders? Do you have to change the share permissions? What should the NTFS permissions on the share be? I just can't seem to get this working.

Thanks,

Tom
 
Upvote 0 Downvote
on your logical drive..say D: create a shared folder. Give the shared folder Authenticated Users (Create) share permissions...or whatever you want. Set the NTFS permisions on that folder to Domain Users (read&execute, read and list)

In the shared folder create several folders. Give each folder different NTFS permissions. EX: Folder1 (Finance:Modify); Folder2(MIS:Modify); Folder3(HR:Modify)

Right Click the folder that is shared and enable ABE.

Users in the Finance group should only be able to see Folder1; users in the MIS group should only see Folder2 and so on
 
Upvote 0 Downvote
OK, I set up the permissions. On the share in share permissions I have Authenticated Users (change&read) in the NTFS permissions I have Domain Users (read&execute, read and list) and Administrators (full control). On the sub-folders I have Administrators (full control) and the user (full control). When I navigate to the share as any user (and no, my regular users are not members of the Administrators group :))you can still see all of the folders. The ACL's are working in that although any user can see the folders they cannot get into them (access denied). I just need to figure out what I'm doing wrong.

There are two shares on the folder one I created long ago to hide the user shares from the network (users$) and one I created that is visible (users) for getting this to work. If I can get this to work I'll phase out the use of the hidden share.

Thanks,

Tom
 
Upvote 0 Downvote
Im not sure if ABE works per user account as I ahve never tried it that way.

Take the user off the ACL list for that folder and add that user to a Group (other than admins)

Create 2 folders in your share.

On Folder1 add the Group that you just put the user in to the ACL and give that Group the default rights

On Folder2 do no add that Group to the ACL.

If you log in as that user, you should only see Folder1

 
Upvote 0 Downvote
Hello all,

Well it work, and with user level security :)! It turns out the account I was testing it with had elevated permissions. I checked with other accounts and all is well. Thanks to everyone that responded!

Tom
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
350
hairlessupportmonkey
hairlessupportmonkey
StevenFromSouth
  • Locked
  • Question
VPN Connects but cannot access remote network computers or folders
Replies
1
Views
310
StevenFromSouth
StevenFromSouth
edgar28
  • Locked
  • Question
Question on Network cards - Windows Server 2019
Replies
1
Views
250
DrB0b
DrB0b
iCDT
  • Locked
  • Question
Remote Desktop Web Access ( No application available)
Replies
2
Views
299
hairlessupportmonkey
hairlessupportmonkey
DrB0b
  • Locked
  • Question
HyperV Virtual Switch and Physical NIC question
Replies
3
Views
260
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top