Iniciar sesión
 
InicioBibliotecaAprendizajeDescargaSoporteComunidadForos
Note: Forums will be making significant UX changes to address key usability improvements surrounding search, discoverability and navigation. To learn more about these changes please visit the announcement which can be found HERE.
Recursos para Profesionales de TI >
Access-based Enumeration on 2008 R2 Cluster

Discussion Access-based Enumeration on 2008 R2 Cluster

  • viernes, 02 de diciembre de 2011 12:11
     
     
    Inicie sesión para votar
    0

    I am having trouble implementing the ABE feature on our two node Windows Server 2008 R2 cluster. We have the File Services role setup sharing folders which reside on two RAID systems connected via iSCSI.

    On each share under 'Share and Storage Management' I have enabled 'Access-based enumeration' under Properties > Advanced.

    When I type in \\fileserver (the name for the file services service on the cluster) from a Windows client I can still see all of the shares listed even though the user I am logged in as only has access to one of these shares. Trying to access any of the other shares results in the Network Error message appearing saying Windows cannot access \\fileserver\sharename - Access is denied.

    Can anyone shed any light on why this may be?

    Thanks in advance,

    Chris

     

Todas las respuestas

  • sábado, 03 de diciembre de 2011 22:16
     
     
    Inicie sesión para votar
    0

    ABE filters folders and files inside a share, but does not apply to share enumeration for a server.

    Can you test using ABE on the folders inside a share, instead list of shares for a server?

    For instance, type in \\fileserver\fileshare where you have some folders the user has access and some folders the user does not have access.

     

    Jose Barreto

    Jose Barreto
     
  • martes, 06 de diciembre de 2011 14:16
     
     
    Inicie sesión para votar
    0

    Thank you for your response on this.

    Is there any way around this limitation? We have around 40 shares for different departments and would only like the shares they explicitly have access to to be shown in any explorer window.

     
  • viernes, 04 de mayo de 2012 17:30
     
     
    Inicie sesión para votar
    0

     would only like the shares they explicitly have access to to be shown in any explorer window.

    Seconded.  Is there any way to limit the share enumeration to those that have access?  

    If not, what is the intent of ABE?  Have a generic share with ABE turned on and then a folder structure within that with specific permissions?

    Chris O.

     
  • jueves, 31 de mayo de 2012 20:08
     
     
    Inicie sesión para votar
    0

    Like what Jose said, I don't think ABE is built to deal with share enumeration.

    In our environment, we made all our shares hidden and then create a shortcut, or map a drive sometimes, to the share for the user based on their security group membership to the share.

    This eliminates all the issues and our users don't even have to know anything about the path to explore.