Access Based Enumeration on Windows 7

Windows Internals
Published Feb 3, 2012 Updated Mar 20, 2013

Access Based Enumeration (ABE) is a well-hidden feature even in Windows Server, where it can be configured per share, but only in the Share and Storage Management MMC and not when right-clicking a folder in Explorer. Thanks to the shared code base ABE is available in Windows 7, too, although hidden even better. Let’s find out how to enable it anyway.

First we need a share to play around with. I set up a shared folder with three subfolders. When I access it over then network, everything looks as expected:

localhosttest_2012-02-02_16-52-54

Next we remove permissions on one of the subfolders so that users do not have read access any more. We do that with SetACL Studio, of course!

sub2 - SetACL Studio_2012-02-02_16-54-25

Then we download the free tool ShrFlgs and issue the following command in an elevated prompt:

D:\>ShrFlgs.exe \\localhost\test /abe true /forreal

ShrFlgs V01.00.01cpp Joe Richards (joe@joeware.net) February 2005

Share: test
  Path       : R:\
  Remark     :
  Max Use    : Unlimited
  Current Use: 1
  SDDL       :
  Flags
       Manual Client Side Caching
       Exclusive Opens Allowed
       Force Delete NOT Allowed
       Namespace Caching NOT Allowed
       Access Based Enumeration

The command completed successfully.

Finally we check again in Explorer, and voilà, the directory sub2 is gone:

localhosttest_2012-02-02_16-59-12

ABE Access Based Enumeration Free Tool SetACL Studio Share Windows 7

Comments

Comments are powered by Giscus. Please enable JavaScript to view them, or view discussions directly on GitHub.

Related Posts

Delprof2 & SetACL Studio Free for Commercial Use

Delprof2 & SetACL Studio Free for Commercial Use

I am happy to announce that my tools Delprof2 and SetACL Studio are now free to use, both for individuals and corporations. Previously, Delprof2 was only free to use commercially if an organization allowed us to use their name in our marketing. SetACL Studio was not available for free at all.

How to Modify Default Share Permissions and Other Tweaks

NTFS permissions are stored in the file system, that is well known. But where are share permissions stored? As so often with Windows: in the registry. Network shares are defined by only a handful of relatively simple registry entries stored in the server service’s key which is, for historical reasons that go back way beyond OS/2, named “LanmanServer” (the workstation service is similarly named “LanmanWorkstation”).

Windows Internals

Per-User Services in Windows: Info & Configuration

Per-User Services in Windows: Info & Configuration

It’s a little-known fact that Windows comes with per-user services, background processes that complement the well-known per-machine system services. This article explains what per-user services are, how to create your own, and which configuration options there are.

Windows Internals

Windows 10: Black Lock Screen with Citrix Receiver

Windows 10: Black Lock Screen with Citrix Receiver

Update: KB4022723 seems to fix the black lock screen issue described in this article. The Spotlight feature of Windows 10 shows beautiful images on the lock screen. Annoyingly, it appears to be broken on many machines, showing a black screen instead of a pretty photograph. Read on for the cause and a workaround.

Windows Internals

Latest Posts

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinbench scores while staying almost unperceptibly silent. In this first post, I’m showing how to silence the machine by replacing and adding to Lenovo’s CPU cooler.

Scripted WordPress to Hugo Migration

Scripted WordPress to Hugo Migration

After having published in WordPress for almost 20 years, it was time for a change. This site is now rendered by Hugo, a static website generator built for Markdown content hosted in a Git repository. The migration from WordPress (HTML) to Hugo (Markdown) was far from trivial. Since I couldn’t find any tool for the job, I developed my own set of migration scripts that fully automate the migration process. You can find them on GitHub along with extensive documentation.

Mitsubishi Heat Pump Data in Home Assistant via Modbus

Mitsubishi Heat Pump Data in Home Assistant via Modbus

This article shows how to get detailed information about your Mitsubishi heat pump’s status and operations into Home Assistant. Prerequisites You’ll need a Mitsubishi Modbus interface, either the older A1M (serial Modbus/RTU via RS-485 only) or the newer A1M+ (Modbus/TCP via Ethernet in addition to Modbux/RTU). I’m using the Ethernet variant.

Home Automation, Networking & Self-Hosting

GitHub: Authenticated Access via SSH

GitHub: Authenticated Access via SSH

This article describes how to set up authenticated access to a (private or public) GitHub repository from Linux. Create & Set Up an SSH Key SSH Key Creation Create a new SSH key:

Software development