Press "Enter" to skip to content

Network share: enable enumeration based on access EBA

0

Introduction

The access-based enumeration allows to display in a network share, only folders and files whose use has at least a right of reading. Other documents and folders will be hidden.

Enabling this feature will increase the CPU resource consumption on the file server because at each access this will check what should be displayed.

In order to work properly, the NTFS rights must be set correctly and requires disabling the inheritance and removing the SERVER \ Users group rights because this group contains the Domain Users group.

Enable enumeration based on access EBA

1. On the server where the share is located, launch Server Manager and go to Manage File and Storage Services and view Shares 1 .
Server manager

2. Right click on the shared folder 1 where the EBA must be activated and click Properties 2 .
Shared folder

3. Check the Enable access-based enumeration 1 check box and click Apply 2 then OK 3 .
Active EBA

The EBA is now enabled on the shared folder, we will see now configure the rights.

Configure NTFS rights to use EBA

To illustrate the tutorial, in the IT folder, I created a folder pmartin where only the user pmartin has the rights to it.
Folder example

On a post, I logged in with the user dbon and I went on sharing, as can be seen on the screenshot below, the pmartin folder is not displayed.
the folder is not displayed

Conclusion

Access-based enumeration provides additional security by hiding folders that users do not have access to, to work properly this involves properly configuring NTFS rights.



Related Posts


Setting up a read-only domain controller – RODC
Introduction In this article, we are going to have how to set up a read-only domain controller (RODC). This type of controller, as the name suggests, is read-only, so it can not change user attributes or even add objects. There are several implementa

Sophos XG: installation on Hyper-V
In this tutorial, we will have how to install a Sophos XG firewall on a virtual machine with Hyper-V. For this article, I used the Sophos XG home version which is available for free. Prerequisites Download the ISO firewall on the site sophos and reco

Sophos XG: secure emails
Introduction In this tutorial, we will see how to secure emails with a Sophos XG firewall. The firewall offers two modes of operation for filtering emails: MTA : the firewall will act as an SMTP relay Legacy : it will be placed in transparent mode, w

Leave a Reply

Your email address will not be published. Required fields are marked *

It looks like you're using an adblocker.
We use ads to keep our content free. Please support us by turning off your adblocker.