How to install and use the Windows Server 2003 access-based
The Purpose of the Access Based Enumeration tool is to make it so users can only view the folders which they have priveledges to on a server. This reduces the
confusion of the users and the hassle of the administrators and help-desk and it also ups the servers security.
By Default Access Based Enumeration (ABE) is installed on both Windows Server 2003 sp1 and r2 but in order for it to function properly you need to download and
install a file which creates a new tab on a shared folder's properties menu. This is obtained from
HERE and then once it is installed the
Access Based Enumeration (ABE) tool can be started either by command-line or by a GUI(Graphical User Interface). I will start off with
Now start the installation by clicking next.
Agree to the end-user agreement
Select where you want it installed and if it should be for
Here you can choose to enable ABE on all existing shared folders or to do
it manually for all existing folders.
HOORRAAAY!!!! Access-based Enumeration has been installed on your
Ensure That the installation was successful by right clicking on a shared
file and selecting properties.
In the tab selection there sould be one that reads "Access-based
Enabling Access-based Enumeration on each shared folder
The Two Ways Of Enabling it are:
Advantages of using the GUI version are that it "provides customers
with the most intuitive and self-explanatory means of enabling ABE, while
the command-line interface allows administrators the most flexibility in
managing ABE on shared resources across the network." ("Access-based
- By Command-line
- By Using the graphical user interface
Start by right-clicking on a shared folder (in this
case called common files) Click on Properties and then on the Access-based
This then offers two ways of enabling ABE:
1> Enable access-based enumeration on this shared folder
2> Apply this folder's setting to all existing shared folders on this
the first option only enables ABE on this one folder where as the second
option enables it on all shared folders currently on the server.
click apply or ok to actually enable it on the folder(s)
Enable By Command-line