Access-based Enumeration In Windows Server 2003


This topic contains 0 replies, has 1 voice, and was last updated by  Webmaster 2 weeks, 1 day ago.

  • Author
    Posts
  • #2183

    Webmaster
    Keymaster

    Applies To: Windows Server 2003 with SP1
    Access-based Enumeration is a new feature included with Windows Server 2003 Service Pack 1. This feature allows users of
    Windows Server 2003–based file servers to list only the files and folders to which they have access when browsing content on
    the file server. This eliminates user confusion that can be caused when users connect to a file server and encounter a large
    number of files and folders that they cannot access.
    What does Access-based Enumeration do?
    Access-based Enumeration filters the list of available files and folders on a server to include only those that the requesting user
    has access to.
    Who does this feature apply to?
    This feature applies to:
    Domain-joined computers.
    IT professionals who want to control the user’s experience.
    Detailed description
    Access-based Enumeration allows users to see only files and folders that they have access to on a file server. This feature is not
    enabled by default.
    To enable this feature, a property must be set on a file share to allow access-based enumeration. To enable this feature on your
    server, you can download a shell extension that provides both a graphical user interface for enabling access-based
    enumeration and a command-line interface for managing this feature. When this download is installed, a wizard will run that
    can automatically enable Access-based Enumeration on the shared folders on your computer. This download includes a
    white paper that provides further details about the shell extension, command-line interface, and the NetShareSetInfo
    application programming interface (API). This download is available on the Microsoft Download Center at
    http://go.microsoft.com/fwlink/?LinkId=46228.
    If you want to develop a tool yourself, you can use the NetShareSetInfo API. This property is an attribute of the
    NetShareSetInfo (API). For more information about the NetShareSetInfo API, see the Platform SDK and the MSDN Web site at
    http://go.microsoft.com/fwlink/?LinkId=46511. To enable Access-based Enumeration, you need to set a flag that points to the
    SHARE_INFO_1005 structure. For more information about the SHARE_INFO_1005 structure, see the Platform SDK and the MSDN
    Web site at http://go.microsoft.com/fwlink/?LinkId=45504.
    The new flag to enable Access-based Enumeration is
    #define SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS 0x0800
    This flag is only applicable to Windows Server 2003 Service Pack 1 and will have no effect on other versions of the Windows
    operating system.
    After the feature is enabled, a listing of the content in that share will present the content that the user has access to.
    Why is this change important?
    This change is important because this allows users to see only those files and directories that they have access to and nothing
    else. This mitigates the scenario where unauthorized users might otherwise be able to see the contents of a directory even
    though they don’t have access to it.
    What settings are added or changed in Windows Server 2003 Service Pack 1?
    The SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS flag has been added to the NetShareSetInfo API. The flag enables you to turn
    on the Access-based Enumeration feature.
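For the "develop a tool yourself" route described in the post, the following is an added example, not part of the original post or Microsoft's download. It reads the share's level 1005 flags first and changes only the Access-based Enumeration bit, so other share flags already set are not overwritten. The helper names `abe_apply`, `abe_enabled` and `set_share_abe` are hypothetical, and the sample flag values in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <lm.h>                 /* NetShareGetInfo/NetShareSetInfo; link netapi32.lib */
#endif

#ifndef SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS
#define SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS 0x0800   /* value given in the post */
#endif

/* Hypothetical helper: return the flags with only the ABE bit changed. */
uint32_t abe_apply(uint32_t flags, int enable)
{
    return enable ? (flags | SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS)
                  : (flags & ~(uint32_t)SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS);
}

/* Hypothetical helper: audit check, 1 if ABE is set in a flags value. */
int abe_enabled(uint32_t flags)
{
    return (flags & SHI1005_FLAGS_ENFORCE_NAMESPACE_ACCESS) != 0;
}

#ifdef _WIN32
/* Hypothetical helper: read-modify-write of SHARE_INFO_1005 on one share.
   server == NULL means the local computer. Returns the NET_API_STATUS code. */
NET_API_STATUS set_share_abe(wchar_t *server, wchar_t *share, int enable)
{
    SHARE_INFO_1005 *cur = NULL, upd;
    DWORD parm_err = 0;
    NET_API_STATUS rc = NetShareGetInfo(server, share, 1005, (LPBYTE *)&cur);
    if (rc != NERR_Success)
        return rc;                               /* share missing or access denied */
    upd.shi1005_flags = abe_apply(cur->shi1005_flags, enable);
    NetApiBufferFree(cur);
    return NetShareSetInfo(server, share, 1005, (LPBYTE)&upd, &parm_err);
}
#endif

int main(void)
{
    uint32_t before = 0x0031;                    /* constructed sample flags value */
    uint32_t after = abe_apply(before, 1);
    printf("before=0x%04x after=0x%04x abe=%d\n",
           (unsigned)before, (unsigned)after, abe_enabled(after));
    return 0;
}
```

Calling `abe_enabled` on the flags returned by `NetShareGetInfo` for each share gives a quick audit of which shares still list content the user cannot open.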
