Every once in a while Microsoft does something that causes admins all over to sigh FINALLY, Access Based Enumeration (ABE) is one such feature. New to Windows Server 2003 is the ability to install a small add-on that delivers what Novell and *Nix admins have had forever; the ability to hide files or folders that the user has no rights to access.

When enabled, ABE will hide the folders and files underneath a share when the user who is mapped to the share has no permissions to read them. This is a security friendly and end user friendly feature, if you don't have permissions to see it you shouldn't and if you don't need to see it you won't! Here is a typical shared folder with a few folders beneath it. The user does not have permissions to the Microsoft folder however it still appears.

Once ABE is installed, when you view the properties of the shared folder you will see a new tab. Click on the Access-based Enumeration tab, here you can set the visibilty on a per share, or per server basis.

Once ABE is enabled on the share, viewing the same directory only displays the files and folders to which the logged on used has permissions to.

For more information see:

Windows Server 2003 Access-based Enumeration Download