Friday, January 23, 2015

Access Based Enumeration (ABE)



To enable "Access Based Enumeration" on a Windows 2008 or later server, ensure that the appropriate NTFS and Share permissions are set on the root share directory. In my case I needed to allow everyone the ability to see the root share but restrict access to the subdirectories. To avoid giving the users unnecessary access, I removed the "Everyone Group" and added the "Authenticated Users Group" with the Read and Change Share permissions. I then gave explicit NTFS permissions to those groups who needed access to any of the subdirectories.

Since I only wanted the "Authenticated Users" to see the Root Share but not have access to the subdirectories, I gave the “Authenticated Users” Read NTFS permissions, which includes the Traverse folder permissions to allow them to drill down past the root share. I then broke inheritance and made sure the “Authenticated Users” group had the following Special NTFS permissions. I also made sure to select “Apply only to this folder”.

    List folder / read data

    Read attributes

    Read extended attributes

    Read permissions

I then added my other groups with explicit permissions to their respective directories.  So at this point the root share is visible to all Authenticated Users but the subdirectories are only displayed to those users/groups with explicit NTFS permissions, “Read, Write and Modify” and all of the special permissions that are included.
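The steps above as one PowerShell script, added here as an example and not the author's own commands. The share name, paths and group are assumed, the SmbShare cmdlets need Windows Server 2012 or later, and inheritance is disabled on the root folder with existing entries kept as explicit copies, which the post does not specify.

```powershell
# Assumed names, not from the original post: share "Data" at D:\Shares\Data,
# subfolder "Finance", group "CONTOSO\Finance-RW". Run elevated on the file server.
$shareName = 'Data'
$root      = 'D:\Shares\Data'
$subFolder = Join-Path $root 'Finance'
$subGroup  = 'CONTOSO\Finance-RW'
$authUsers = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-11')  # Authenticated Users

# Share permissions: Authenticated Users get Change (includes Read), Everyone is removed.
Grant-SmbShareAccess -Name $shareName -AccountName 'NT AUTHORITY\Authenticated Users' -AccessRight Change -Force | Out-Null
Revoke-SmbShareAccess -Name $shareName -AccountName 'Everyone' -Force -ErrorAction SilentlyContinue | Out-Null

# Turn on Access Based Enumeration for the share.
Set-SmbShare -Name $shareName -FolderEnumerationMode AccessBased -Force

# Root folder, step 1: stop inheriting and keep the existing ACEs as explicit copies.
# The copies only become explicit once written, so save before editing them.
$rootAcl = Get-Acl -Path $root
$rootAcl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $root -AclObject $rootAcl

# Root folder, step 2: replace any Authenticated Users entries with the four
# special rights, applied to this folder only (no inheritance, no propagation).
$rootAcl = Get-Acl -Path $root
$rootAcl.PurgeAccessRules($authUsers)
$rights = [System.Security.AccessControl.FileSystemRights]'ListDirectory, ReadAttributes, ReadExtendedAttributes, ReadPermissions'
$rootRule = New-Object System.Security.AccessControl.FileSystemAccessRule($authUsers, $rights, 'None', 'None', 'Allow')
$rootAcl.AddAccessRule($rootRule)
Set-Acl -Path $root -AclObject $rootAcl

# Subfolder: explicit Modify for the one group, inherited by its files and subfolders.
$subAcl  = Get-Acl -Path $subFolder
$subRule = New-Object System.Security.AccessControl.FileSystemAccessRule($subGroup, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$subAcl.AddAccessRule($subRule)
Set-Acl -Path $subFolder -AclObject $subAcl

# Check: a broad principal with read rights on the subfolder keeps it visible
# to every user despite ABE, so list any that remain (often inherited from the root).
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'
(Get-Acl -Path $subFolder).Access |
    Where-Object { $broad -contains $_.IdentityReference.Value } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

An empty result from the final check means only explicitly granted groups will see the subfolder; any row it returns is an entry to remove or narrow.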