Blogcast: Access Based Directory Enumeration (A Windows Server 2003 SP1 New Feature)

Find out about one of those really cool new features of Windows Server 2003 SP1, Access Based Directory Enumeration in this latest blogcast recording. In a nutshell, ABDE causes the server to examine access rights to sub-directories on a share, only showing the user those directories to which they have access. If you want to find out how this works in under 4 minutes, click here to view.

Currently there is no capability from the GUI to turn this feature on - unfortunately you'll need to use Win32 APIs. Maybe this will change at a future date, but for now you'll probably need a developer buddy to help you... :-) They will need to know the following: The specific API is NetShareSetInfo, and specifically setting a flag to enable ABDE that points to a SHARE_INFO_1005 structure. The flag value for Access Based Directory Enumeration is #define SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS 0x0800.

Update 30th March 2005 - Here's the link to be able to download the tool. I'm reliable informed that a whitepaper and the tool will be on microsoft.com soon. https://blogs.technet.com/jhoward/archive/2005/02/22/378033.aspx

So far, I haven't had any success trying to set this property through the ADSI IADsFileShare object, or even sure that it is possible. If you get there before me, please let me know! Unfortunately, you can't hide shares using this mechanism - there's still just the old "$ suffix" trick. Remember, if this is important to you, you can use the windows server feedback site.

Edited by John: 3rd Nov 2005 - Rehosted WMV file