SP1 and X64 little known feature – Access-Based Enumeration (ABE)

Have you ever attempted to access a folder that you didnt have permission to?

Are you an administrator who is concerned about security principals without the proper permissions seeing the names of files and folders they dont have permissions to?

SP1 and x64 address these concerns by making inacessible files and folders invisible to users through a neat little feature called Access-Based Enumeration (ABE).  ABE in SP1/x64 can be used with the command-line (abetool.exe) and through a fairly robust API (NetShareSetInfo).  FYI – There is a GUI on the way.

Command Line Sytax:  abetool [ShareName] [1=on/0=off] [ServerName]

Command Line Example: abetool “Personal Folders” 1 FileSrvr1

As an IT Pro for many many years, I was personally surprised that this feature didnt get more attention.  I remember back in my early Novell days thinking how cool it was.  I suppose that leads to neat little trick with ABE – file shares that are migrated from other operating systems will behave the same way they did on the previous OS. (Cool!)

There is a whitepaper on ABE that should hit the streets fairly soon, Ill post a link to it when I hear it is live.


– Ward Ralston