Access-Based Enumeration Question

We have a DFS structure and they want to hide DFS links to users that don't have access. That is fine, we can use ABE to hide those DFS links. The thing is, they also have a lot of folders with List Folder Contents only and not allowing users read. This way help desk cannot read files, but they can see the files in case they need to restore those files. The only problem, is ABE is actually hiding those files because those helpdesk users do not have read access to those files, only list folder contents. Is there any way to set ABE to only work on folders instead of the files as well? Thanks!

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

blargoe

For any given share, it's all or none. You can't tell it to work for only files or only folders.

royal

blargoe wrote:

For any given share, it's all or none. You can't tell it to work for only files or only folders.

Ya, that is what I kind of figured. If only ABE would let you pick folders, files, or both.

royal

Looks like our only option is to re-share that specific directory that is pretty deep down and have that one department directly connect to that share and just disable ABE on it. We're currently doing a Novell migration for them and one of their things is they don't want any user downtime and they want things to appear the exam same as it did in Novell to their users. This includes hiding anything they do not access to. They do have certain files though that they want displayed but not allow users to read. It's in this case that we are just going to have to share these folders and disable ABE so ABE won't hide those files due to them not having the permission to read.