You need to ensure that when the users connect to Documents, they only see the files to which they have access

Your network contains an Active Directory domain named contoso.com. All servers run
Windows Server 2012. The domain contains a member server named Server1. Server1 has the File Server
server role installed.
On Server1, you create a share named Documents. TheDocuments share will contain the files and foldersof
all users.
You need to ensure that when the users connect to Documents, they only see the files to which they have
access.
What should you do?

Your network contains an Active Directory domain named contoso.com. All servers run
Windows Server 2012. The domain contains a member server named Server1. Server1 has the File Server
server role installed.
On Server1, you create a share named Documents. TheDocuments share will contain the files and foldersof
all users.
You need to ensure that when the users connect to Documents, they only see the files to which they have
access.
What should you do?

A.
Modify the NTFS permissions.

B.
Modify the Share permissions.

C.
Enable access-based enumeration.

D.
Configure Dynamic Access Control.

Explanation:
Access-based Enumeration is a new feature included with Windows Server 2003 Service Pack 1. This
featureallows users of Windows Server 2003based file servers to list only the files and folders to which they
haveaccess when browsing content on the file server. This eliminates user confusion that can be caused
whenusers connect to a file server and encounter a large number of files and folders that they cannot access.
Access-based Enumeration filters the list of available files and folders on a server to include only those that
therequesting user has access to.
This change is important because this allows users to see only those files and directories that they haveaccess
to and nothing else. This mitigates the scenario where unauthorized users might otherwise be able tosee the
contents of a directory even though they don’t haveaccess to it.
Access-Based Enumeration (ABE) can be enabled at the Share properties through Server Manager.



After implementation instead of seeing all folder including the ones the user does not have access to:

User will have access just to the folder where has rights to:

If a user with full access browses the same folder it will show all 5230 folders.
http://technet.microsoft.com/en-us/library/cc784710%28v=ws.10%29.aspx http://technet.microsoft.com/pt-pt/
library/dd772681%28v=ws.10%29.aspx



Leave a Reply 1

Your email address will not be published. Required fields are marked *