Access based enumeration enables you to configure advanced display options for shared folders. If a user is mapped to a network drive and this network drive has the Access Based Enumeration Feature enabled then this user can only see folders that he has access to. So far so good. Now I’m going to show how to configure this great feature in the graphical interface and – of course – in Windows PowerShell.
But let me first say some things about this feature. The question is why would you want to do this?
A defense of Access Based Enumeration 😉
The first reason is security. Why do you want to show files and folders to users that have no access to it? No need for.
The second reason is user experience. Why do you want to distract user with tons of files and folders that they don’t have access to? Remember: If your users are fine, then you are fine.
Configuring Access Based Enumeration with Server Manager
On the server which holds the shared folder open Server Manager. Click on File and Storage Services.
Next click on Shares.
Select your shared folder and right click it. Select Properties. Activate the checkbox Access Based Enumeration.
Configuring Access Based Enumeration by using Windows PowerShell
Welcome to the Champions League! Who needs Server Manager? 😉
Set-SmbShare -Name Data -FolderEnumerationMode AccessBased
To verify your settings run
Get-SmbShare -Name Data | Select-Object FolderEnumerationMode
To check all your local shares run
Get-SmbShare | Select-Object Name,FolderEnumerationMode
Ok, if this is the first time you’ve heard from this great feature, then you might think “Hmm… does this really works in my environment?” Ok, Ok I will give you preview. So, let’s have a look to the permissions of user Petra. Petra has access to the shared folder Data and to it’s subfolders HR and PR, but not IT.
On the left side you see the server’s view and on the right side Petra’s view. Quite different … Petra does not have access to the IT folder. Therefore she can see only the folders HR and PR.
Have fun with Access Based Enumeration and don’t forget: If your users are fine, then you are fine. 😉
More about File Shares in my blog posts