Access Based Enumeration on Windows 7

Windows Internals
Published Feb 3, 2012 Updated Mar 20, 2013

Access Based Enumeration (ABE) is a well-hidden feature even in Windows Server, where it can be configured per share, but only in the Share and Storage Management MMC and not when right-clicking a folder in Explorer. Thanks to the shared code base ABE is available in Windows 7, too, although hidden even better. Let’s find out how to enable it anyway.

First we need a share to play around with. I set up a shared folder with three subfolders. When I access it over then network, everything looks as expected:

localhosttest_2012-02-02_16-52-54

Next we remove permissions on one of the subfolders so that users do not have read access any more. We do that with SetACL Studio, of course!

sub2 - SetACL Studio_2012-02-02_16-54-25

Then we download the free tool ShrFlgs and issue the following command in an elevated prompt:

D:\>ShrFlgs.exe \\localhost\test /abe true /forreal

ShrFlgs V01.00.01cpp Joe Richards (joe@joeware.net) February 2005

Share: test
  Path       : R:\
  Remark     :
  Max Use    : Unlimited
  Current Use: 1
  SDDL       :
  Flags
       Manual Client Side Caching
       Exclusive Opens Allowed
       Force Delete NOT Allowed
       Namespace Caching NOT Allowed
       Access Based Enumeration

The command completed successfully.

Finally we check again in Explorer, and voilà, the directory sub2 is gone:

localhosttest_2012-02-02_16-59-12

ABE Access Based Enumeration Free Tool SetACL Studio Share Windows 7

Comments

Comments are powered by Giscus. Please enable JavaScript to view them, or view discussions directly on GitHub.

Related Posts

How to Modify Default Share Permissions and Other Tweaks

NTFS permissions are stored in the file system, that is well known. But where are share permissions stored? As so often with Windows: in the registry. Network shares are defined by only a handful of relatively simple registry entries stored in the server service’s key which is, for historical reasons that go back way beyond OS/2, named “LanmanServer” (the workstation service is similarly named “LanmanWorkstation”).

Windows Internals

Delprof2 & SetACL Studio Free for Commercial Use

Delprof2 & SetACL Studio Free for Commercial Use

I am happy to announce that my tools Delprof2 and SetACL Studio are now free to use, both for individuals and corporations. Previously, Delprof2 was only free to use commercially if an organization allowed us to use their name in our marketing. SetACL Studio was not available for free at all.

Universal Windows App Data Storage for Admins

Universal Windows App Data Storage for Admins

Universal Windows Platform (UWP) is the current name for a new type of application platform originally introduced with Windows 8 as “Metro” and later renamed to “Modern”. UWP apps can run on desktop, phone and console versions of Windows. They may only use a subset of the Windows API and run in a sandboxed environment. As a consequence, UWP apps can only use very limited areas of the file system. This article describes where UWP app settings are stored and how part of those settings roam between devices.

Windows Internals

How to Limit CPU & RAM via the Windows Boot Configuration

Testing the effects of different CPU and memory configurations is easiest when you run the tests on a powerful machine and restrict it to the required number of CPU cores and amount of RAM. Microsoft’s documentation of the relevant command is missing an essential parameter. Here are the commands you need.

Windows Internals

Latest Posts

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In the first post, I showed how to silence the machine by replacing and adding to Lenovo’s CPU cooler. In this second post, I’m listing the exact configuration that achieves the lofty goal of combining minimal idle power consumption with top Cinebench scores.

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In this first post, I’m showing how to silence the machine by replacing and adding to Lenovo’s CPU cooler. In a second post, I’m listing the exact configuration that achieves the lofty goal of combining minimal idle power consumption with top Cinebench scores.

Scripted WordPress to Hugo Migration

Scripted WordPress to Hugo Migration

After having published in WordPress for almost 20 years, it was time for a change. This site is now rendered by Hugo, a static website generator built for Markdown content hosted in a Git repository. The migration from WordPress (HTML) to Hugo (Markdown) was far from trivial. Since I couldn’t find any tool for the job, I developed my own set of migration scripts that fully automate the migration process. You can find them on GitHub along with extensive documentation.

Mitsubishi Heat Pump Data in Home Assistant via Modbus

Mitsubishi Heat Pump Data in Home Assistant via Modbus

This article shows how to get detailed information about your Mitsubishi heat pump’s status and operations into Home Assistant. Prerequisites You’ll need a Mitsubishi Modbus interface, either the older A1M (serial Modbus/RTU via RS-485 only) or the newer A1M+ (Modbus/TCP via Ethernet in addition to Modbux/RTU). I’m using the Ethernet variant.

Home Automation, Networking & Self-Hosting