Access Based Enumeration.

I have ABE working correctly on some folders, but other folders it is not working correctly... The users who do not have access to the folder can still see it. When they click on the folder it says access denied, due to privilages message.

I want to make it so they cannot view the folder at all.

Here is how I have access rights setup on folders with ABE currently working.

I have a Folder names Users with the following permissions

Share = Everyone group has - change and read allowed
NTFS = Tech1 Group has - read and execute, list, read write.

Inheritable permissions are not checked.

Under Users Folder I have the following folders

Jesse - NTFS Permissions = Domain user Jesse = read and execute, list, read, write
Jason - NTFS Permissions = Domain user Jason = read and execute, list, read, write
Renee - NTFS Permissions = Domain user Renee = read and execute, list, read, write

If I am user Jesse, I dont see Renee's folder or Jasons folder in the Users folder, If I am Jason I dont see Jesse's or Renee's etc. It is working properly. When I try these same permission settings on other folder shares on the same drive it does not work...

Any ideas why?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

TechJunky

Ok, figured out the problem. I think this is a glitch, and they need to fix it.

ABE only works on subfolders of a shared folder. I think this is BS and it should work on any folder that you do not want users to see rather than creating a folder with a bunch of sub folders in it...

IE: Shared Folder = Shared, then any subfolder within that folder would not be visable if you set your NTFS permissions accordingly.

So users would access database folder from

\\server\shared\database, rather than \\server\database

Seems kind of odd.