Access-Based Enumeration in Windows Server

You remember Access Based Enumeration right? I’m often surprised by people who didn’t know this features exists, so here’s refresher.

Access Based Enumeration is the add-on to Windows Server 2003 and included in Windows Server 2008 that controls the display of files and folders in remote shares based on user-rights. This is the tool that helps you create dynamic Start Menus for Terminal Servers or turn a user home share view from this:

into this:

It’s also especially good for those common file shares that everyone has access but are full of folders they can’t access.

To use ABE in Windows Server 2003, you’ll need to download and install the installer for Windows 2003 Service Pack 1 and above. You can then enabled access-based enumeration on each share:

For Windows Server 2008, ABE is built in and you can enable it by opening the Share and Storage Management MMC to view your list of shares, open the properties for the target share, click Advanced and add the tick to Enable access-based enumeration.

Nice and easy, so stop reading this post and going and enable ABE now.. Here’s more on ABE if you’re interested: