Access based Enumeration NOT working

Question

Hi,

I have Windows Server 2016 (Standalone) and would like to enable ABE for a certain user.
Following steps were carried out, but desired folder were still visible to the particular user, what might be cause of this?

1. Created a shared folder on D:\ drive, and I didn't modify the share permissions:
   
2. Enabled ABE for the desired share:
   
   
3. Have multiple folders under this share and would like to prevent the RootDirectory2 to be appear for the certain user.
   
4. Applied the DENY permissions for the djoin user as:
   
5. When signed in with that particular user account, RootDirectory2 folder was visible :(
   

Answer 1

Hi there,

According to Microsoft, "Access-based enumeration displays only the files and folders that a user has permission to access. If a user does not have Read (or equivalent) permissions for a folder, Windows hides the folder from the user’s view. This feature is active only when viewing files and folders in a shared folder; it is not active when viewing files and folders in the local file system"

These might help you out with your queries. These forums have discussed a similar problem and you can try out the steps explained in them.

https://social.technet.microsoft.com/Forums/en-US/90e6bd3f-7973-469d-8327-96a286b6d571/access-based-enumeration-is-not-working?forum=winserversecurity

https://learn.microsoft.com/en-us/windows-server/storage/dfs-namespaces/enable-access-based-enumeration-on-a-namespace

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

--If the reply is helpful, please Upvote and Accept it as an answer--