Access Based Enumeration on Windows 7

Windows Internals
Published Feb 3, 2012 Updated Mar 20, 2013

Access Based Enumeration (ABE) is a well-hidden feature even in Windows Server, where it can be configured per share, but only in the Share and Storage Management MMC and not when right-clicking a folder in Explorer. Thanks to the shared code base ABE is available in Windows 7, too, although hidden even better. Let’s find out how to enable it anyway.

First we need a share to play around with. I set up a shared folder with three subfolders. When I access it over then network, everything looks as expected:

localhosttest_2012-02-02_16-52-54

Next we remove permissions on one of the subfolders so that users do not have read access any more. We do that with SetACL Studio, of course!

sub2 - SetACL Studio_2012-02-02_16-54-25

Then we download the free tool ShrFlgs and issue the following command in an elevated prompt:

D:\>ShrFlgs.exe \\localhost\test /abe true /forreal

ShrFlgs V01.00.01cpp Joe Richards (joe@joeware.net) February 2005

Share: test
  Path       : R:\
  Remark     :
  Max Use    : Unlimited
  Current Use: 1
  SDDL       :
  Flags
       Manual Client Side Caching
       Exclusive Opens Allowed
       Force Delete NOT Allowed
       Namespace Caching NOT Allowed
       Access Based Enumeration

The command completed successfully.

Finally we check again in Explorer, and voilà, the directory sub2 is gone:

localhosttest_2012-02-02_16-59-12

ABE Access Based Enumeration Free Tool SetACL Studio Share Windows 7

Comments

Comments are powered by Giscus. Please enable JavaScript to view them, or view discussions directly on GitHub.

Related Posts

Anatomy of WerFault.exe's Application Crash Error Reporting

Anatomy of WerFault.exe's Application Crash Error Reporting

Not much information is available on Windows Error Reporting’s WerFault.exe, the process that is launched by the OS whenever an application crashes. This post documents the launch sequence of WerFault.exe and its related processes along with their command line parameters.

Windows Internals

Universal Windows App Data Storage for Admins

Universal Windows App Data Storage for Admins

Universal Windows Platform (UWP) is the current name for a new type of application platform originally introduced with Windows 8 as “Metro” and later renamed to “Modern”. UWP apps can run on desktop, phone and console versions of Windows. They may only use a subset of the Windows API and run in a sandboxed environment. As a consequence, UWP apps can only use very limited areas of the file system. This article describes where UWP app settings are stored and how part of those settings roam between devices.

Windows Internals

Per-User Services in Windows: Info & Configuration

Per-User Services in Windows: Info & Configuration

It’s a little-known fact that Windows comes with per-user services, background processes that complement the well-known per-machine system services. This article explains what per-user services are, how to create your own, and which configuration options there are.

Windows Internals

Windows 10: Black Lock Screen with Citrix Receiver

Windows 10: Black Lock Screen with Citrix Receiver

Update: KB4022723 seems to fix the black lock screen issue described in this article. The Spotlight feature of Windows 10 shows beautiful images on the lock screen. Annoyingly, it appears to be broken on many machines, showing a black screen instead of a pretty photograph. Read on for the cause and a workaround.

Windows Internals

Latest Posts

Changing the Location of the Windows Terminal Settings Files

Changing the Location of the Windows Terminal Settings Files

Windows Terminal stores its settings in configuration files that resides in the Windows user profile. This article explains how to move them to any directory of your choice. Where are the Settings Files Located? The location of the Windows Terminal settings file is hard-coded. The exact path depends on the app variant you installed, but it’s always in the user profile:

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In the first post, I showed how to silence the machine by replacing and adding to Lenovo’s CPU cooler. In this second post, I’m listing the exact configuration that achieves the lofty goal of combining minimal idle power consumption with top Cinebench scores.

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In this first post, I’m showing how to silence the machine by replacing and adding to Lenovo’s CPU cooler. In a second post, I’m listing the exact configuration that achieves the lofty goal of combining minimal idle power consumption with top Cinebench scores.

Scripted WordPress to Hugo Migration

Scripted WordPress to Hugo Migration

After having published in WordPress for almost 20 years, it was time for a change. This site is now rendered by Hugo, a static website generator built for Markdown content hosted in a Git repository. The migration from WordPress (HTML) to Hugo (Markdown) was far from trivial. Since I couldn’t find any tool for the job, I developed my own set of migration scripts that fully automate the migration process. You can find them on GitHub along with extensive documentation.