Access-based Enumeration In Windows Server 2003


  • Author
    Posts
    • #2183
      Webmaster
      Keymaster

      Applies To: Windows Server 2003 with SP1
      Access-based Enumeration is a new feature included with Windows Server 2003 Service Pack 1. This feature allows users of
      Windows Server 2003–based file servers to list only the files and folders to which they have access when browsing content on
      the file server. This eliminates user confusion that can be caused when users connect to a file server and encounter a large
      number of files and folders that they cannot access.
      What does Access-based Enumeration do?
      Access-based Enumeration filters the list of available files and folders on a server to include only those that the requesting user
      has access to.
      Who does this feature apply to?
      This feature applies to:
      Domain-joined computers.
      IT professionals who want to control the user’s experience.
      Detailed description
      Access-based Enumeration allows users to see only files and folders that they have access to on a file server. This feature is not
      enabled by default.
      To enable this feature, a property must be set on a file share to allow access-based enumeration. To enable this feature on your
      server, you can download a shell extension that provides both a graphical user interface for enabling access-based
      enumeration and a command-line interface for managing this feature. When this download is installed, a wizard will run that
      can automatically enable Access-based Enumeration on the shared folders on your computer. This download includes a
      white paper that provides further details about the shell extension, command-line interface, and the NetShareSetInfo
      application programming interface (API). This download is available on the Microsoft Download Center at
      http://go.microsoft.com/fwlink/?LinkId=46228.
      If you want to develop a tool yourself, you can use the NetShareSetInfo API. This property is an attribute of the
      NetShareSetInfo (API). For more information about the NetShareSetInfo API, see the Platform SDK and the MSDN Web site at
      http://go.microsoft.com/fwlink/?LinkId=46511. To enable Access-based Enumeration, you need to set a flag that points to the
      SHARE_INFO_1005 structure. For more information about the SHARE_INFO_1005 structure, see the Platform SDK and the MSDN
      Web site at http://go.microsoft.com/fwlink/?LinkId=45504.
      The new flag to enable Access-based Enumeration is
      #define SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS 0x0800
      This flag is only applicable to Windows Server 2003 Service Pack 1 and will have no effect on other versions of the Windows
      operating system.
      After the feature is enabled, a listing of the content in that share will present the content that the user has access to.
      Why is this change important?
      This change is important because this allows users to see only those files and directories that they have access to and nothing
      else. This mitigates the scenario where unauthorized users might otherwise be able to see the contents of a directory even
      though they don’t have access to it.
      What settings are added or changed in Windows Server 2003 Service Pack 1?
      The SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS flag has been added to the NetShareSetInfo API. The flag enables you to turn
      on the Access-based Enumeration feature.
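
For anyone building their own tool as the post describes, here is an added example (not part of the original post or of Microsoft's download) that toggles the flag with a read-modify-write at level 1005, so the share's other `shi1005_flags` bits are preserved. The names `abe_apply`, `abe_enabled`, `set_share_abe` and the share name `Projects` are hypothetical; the Windows part assumes linking against netapi32.lib and an account allowed to change share settings.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <lm.h>   /* NetShareGetInfo / NetShareSetInfo; link with netapi32.lib */
#endif

/* Value quoted in the post; guarded because SDK headers may already define it. */
#ifndef SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS
#define SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS 0x0800
#endif

/* Return the share flags with only the ABE bit changed; every other bit is kept. */
uint32_t abe_apply(uint32_t flags, int enable)
{
    if (enable)
        return flags | SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS;
    return flags & ~(uint32_t)SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS;
}

/* Audit helper: 1 if the flags value has Access-based Enumeration turned on. */
int abe_enabled(uint32_t flags) { return (flags & SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS) != 0; }

#ifdef _WIN32
/* Read the current level-1005 flags, flip the ABE bit, write them back.
   server == NULL means the local computer. */
NET_API_STATUS set_share_abe(LPWSTR server, LPWSTR share, int enable)
{
    SHARE_INFO_1005 *cur = NULL, upd;
    DWORD parm_err = 0;
    NET_API_STATUS rc = NetShareGetInfo(server, share, 1005, (LPBYTE *)&cur);
    if (rc != NERR_Success)
        return rc;
    upd.shi1005_flags = abe_apply(cur->shi1005_flags, enable);
    NetApiBufferFree(cur);
    return NetShareSetInfo(server, share, 1005, (LPBYTE)&upd, &parm_err);
}
#endif

int main(void)
{
    uint32_t before = 0x0030;  /* constructed sample: a share with other flag bits set */
    printf("0x%04x -> 0x%04x\n", (unsigned)before, (unsigned)abe_apply(before, 1));
#ifdef _WIN32
    /* L"Projects" is a hypothetical share on the local server */
    printf("status: %lu\n", (unsigned long)set_share_abe(NULL, L"Projects", 1));
#endif
    return 0;
}
```

Writing a bare `0x0800` into `shi1005_flags` instead of OR-ing it into the value read back would clear whatever other flags the share already had.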
