Blogcast: Access Based Directory Enumeration (A Windows Server 2003 SP1 New Feature)

Find out about one of those really cool new features of Windows Server 2003 SP1, Access Based Directory Enumeration in this latest blogcast recording. In a nutshell, ABDE causes the server to examine access rights to sub-directories on a share, only showing the user those directories to which they have access. If you want to find out how this works in under 4 minutes, click here to view.

Currently there is no capability from the GUI to turn this feature on - unfortunately you'll need to use Win32 APIs. Maybe this will change at a future date, but for now you'll probably need a developer buddy to help you... 🙂  They will need to know the following: The specific API is NetShareSetInfo, and specifically setting a flag to enable ABDE that points to a SHARE_INFO_1005 structure. The flag value for Access Based Directory Enumeration is #define SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS 0x0800.

Update 30th March 2005 - Here's the link to be able to download the tool. I'm reliable informed that a whitepaper and the tool will be on soon.

So far, I haven't had any success trying to set this property through the ADSI IADsFileShare object, or even sure that it is possible. If you get there before me, please let me know! Unfortunately, you can't hide shares using this mechanism - there's still just the old "$ suffix" trick. Remember, if this is important to you, you can use the windows server feedback site.

Edited by John: 3rd Nov 2005 - Rehosted WMV file

Comments (7)
  1. Nachox ( says:

    Hi, I have no knowledge as a developer so it will be great if you post or send on email the .exe file to enable this feature.

  2. John Howard [MSFT] says:

    I’ve asked the author whether this is possible and will let you know when I get an answer. For now though, and to the many who sent me direct emails, unfortunately I’m not able to post this without that permission.

  3. Joe says:

    Hey John, thanks for the blog entry.

    If you don’t know me, I am the joeware guy and write all sorts of tools for MS OSes.

    Anyway a conversation on listserv prompted me to check out this blog entry which prompted me to write a command line tool to enable ABE funcitonality. Well actually the tool allows you to view share info and set any of the flags. You can find the tool at

  4. John Howard [MSFT] says:

    Hi Joe – yes, have seen your site in the past – there’s some pretty cool stuff up there. Quick work writing that utility – thanks and a definite one to add to the toolbox expecially with some of those other settings you’ve added. FWIW I’ve now got permission to upload the utility I used in the blogcast as well, but can’t until Monday unfortunately 🙁

  5. Nachox says:

    Thanks a lot for this tool, works perfect. Again Thanks !!!!!

  6. Anonymous says:

    Following my blogcast in February and subsequently posting the markShareforABDE tool for download…

  7. Anonymous says:

    Following todays webcast on Windows Server 2003 SP1, here’s the blogcast on Access Based Enueration I…

Comments are closed.

Skip to main content