Skip to main content

Hidding folders users do not have access to

Through the years that I've spent supporting networks and their users, I've come across a common problem. I often have problems with having to give access to shared folders to users that also contain folders that they do not have access to. I'm of course the bad guy when I have to tell them that they do not have access to those folders. How dare I. Well, Windows Server 2008 (and Windows server 2003 SP 1with a plug in) offers a solution. It is called Access-Based Enumeration.



Access-Based Enumeration allows the operating system to filter out all the folders that the user does not have access to when the user browses to the shared folder. This helps to reduce user frustration, tech support calls, and increases user productivity by reducing the number of folders they see that do not apply to them.


So, how do you implement this magical wonder? Well, first off you need to have Distributed Files System installed and your distributed files configured. Next:

•Click Start --> Administrator Tools --> Share and Storage Management
•Open the properties for your distributed folder
•Click the Advanced button.
•Check Enable Access-based enumeration.

There is also a hotfix for Windows Server 2003 SP1 and Windows XP SP2 to be able to use DFS.

•http://support.microsoft.com/default.aspx?scid=kb;en-us;898900


Download for Windows Server 2003 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyID=04a563d9-78d9-4342-a485-b030ac442084&DisplayLang=en

Comments

Popular posts from this blog

Adding a Comment to a GPO with PowerShell

As I'm writing this article, I'm also writing a customization for a PowerShell course I'm teaching next week in Phoenix.  This customization deals with Group Policy and PowerShell.  For those of you who attend my classes may already know this, but I sit their and try to ask the questions to myself that others may ask as I present the material.  I finished up my customization a few hours ago and then I realized that I did not add in how to put a comment on a GPO.  This is a feature that many Group Policy Administrators may not be aware of. This past summer I attended a presentation at TechEd on Group Policy.  One organization in the crowd had over 5,000 Group Policies.  In an environment like that, the comment section can be priceless.  I always like to write in the comment section why I created the policy so I know its purpose next week after I've completed 50 other tasks and can't remember what I did 5 minutes ago. In the Group Policy module for PowerShell V3, th

Return duplicate values from a collection with PowerShell

If you have a collection of objects and you want to remove any duplicate items, it is fairly simple. # Create a collection with duplicate values $Set1 = 1 , 1 , 2 , 2 , 3 , 4 , 5 , 6 , 7 , 1 , 2   # Remove the duplicate values. $Set1 | Select-Object -Unique 1 2 3 4 5 6 7 What if you want only the duplicate values and nothing else? # Create a collection with duplicate values $Set1 = 1 , 1 , 2 , 2 , 3 , 4 , 5 , 6 , 7 , 1 , 2   #Create a second collection with duplicate values removed. $Set2 = $Set1 | Select-Object -Unique   # Return only the duplicate values. ( Compare-Object -ReferenceObject $Set2 -DifferenceObject $Set1 ) . InputObject | Select-Object – Unique 1 2 This works with objects as well as numbers.  The first command creates a collection with 2 duplicates of both 1 and 2.   The second command creates another collection with the duplicates filtered out.  The Compare-Object cmdlet will first find items that are diffe

How to list all the AD LDS instances on a server

AD LDS allows you to provide directory services to applications that are free of the confines of Active Directory.  To list all the AD LDS instances on a server, follow this procedure: Log into the server in question Open a command prompt. Type dsdbutil and press Enter Type List Instances and press Enter . You will receive a list of the instance name, both the LDAP and SSL port numbers, the location of the database, and its status.