viernes, 02 de diciembre de 2011 12:11
I am having trouble implementing the ABE feature on our two node Windows Server 2008 R2 cluster. We have the File Services role setup sharing folders which reside on two RAID systems connected via iSCSI.
On each share under 'Share and Storage Management' I have enabled 'Access-based enumeration' under Properties > Advanced.
When I type in \\fileserver (the name for the file services service on the cluster) from a Windows client I can still see all of the shares listed even though the user I am logged in as only has access to one of these shares. Trying to access any of the other shares results in the Network Error message appearing saying Windows cannot access \\fileserver\sharename - Access is denied.
Can anyone shed any light on why this may be?
Thanks in advance,
- Tipo cambiado Vincent HuModerator lunes, 05 de diciembre de 2011 14:37
Todas las respuestas
sábado, 03 de diciembre de 2011 22:16
ABE filters folders and files inside a share, but does not apply to share enumeration for a server.
Can you test using ABE on the folders inside a share, instead list of shares for a server?
For instance, type in \\fileserver\fileshare where you have some folders the user has access and some folders the user does not have access.
- Editado Jose Barreto - MSFT domingo, 04 de diciembre de 2011 5:00
martes, 06 de diciembre de 2011 14:16
Thank you for your response on this.
Is there any way around this limitation? We have around 40 shares for different departments and would only like the shares they explicitly have access to to be shown in any explorer window.
viernes, 04 de mayo de 2012 17:30
would only like the shares they explicitly have access to to be shown in any explorer window.
Seconded. Is there any way to limit the share enumeration to those that have access?
If not, what is the intent of ABE? Have a generic share with ABE turned on and then a folder structure within that with specific permissions?
jueves, 31 de mayo de 2012 20:08
Like what Jose said, I don't think ABE is built to deal with share enumeration.
In our environment, we made all our shares hidden and then create a shortcut, or map a drive sometimes, to the share for the user based on their security group membership to the share.
This eliminates all the issues and our users don't even have to know anything about the path to explore.