Microsoft: Windows Server 2008 Access Based Enumeration


In Windows Server 2003 Access Based Enumeration was a separate download you hade to download and install on your server to enable this option. For those of you who do not know ABE let me explain very briefly what ABE does.

Access-based Enumeration (ABE) has been included in Microsoft® Windows Server™ 2003 Service Pack 1 to a) increase folder level security, b) improve administrator productivity by reliably streamlining large directory structures for less-technically savvy users, and c) provide a more seamless migration experience for end-users migrating to Windows servers. ABE filters shared folders visible to a user based on that individual user’s access rights, preventing the display of folders or other shared resources that the user does not have rights to access. ABE can be accessed via graphical user interface (GUI), command-line executable tool, and a robust advanced programming interface (API).

Check out the details for Windows Server 2003 ABE:

The good news is ABE is integrated in Windows Server 2008 and it has an GUI. Let me explain to you how to do it:

  1. Go to “start –> Programs –> Administrative Tools” and start “Share and Storage Management” MMCProvision a Shared Folder Wizard
  2. Provision a new Shared FolderProvision a Shared Folder Wizard
  3. Follow the steps until you reach SMB Settings and click Advanced to enable ABE. You can also see if ABE
    is enabled or disabledAdvanced Properties
  4. Check enable access-based enumeration to activate ABE or uncheck to disable ABE

If you want to change the ABE settings you can open “Share and Storage Management” MMC click your right mouse button and edit the properties for the provisioned share. You need to click Advanced to edit ABE. Until now I didn’t find any command-line tool to do this.

ABE Properties



About Author

2 thoughts on “Microsoft: Windows Server 2008 Access Based Enumeration

  1. ABE command-line interface
    Administrators can execute ABE with great flexibility with the command-line tool, abecmd.exe. This command-line executable file allows system administrators to designate the shared resources to which the operation should apply. The command can be run either on the server on which the targeted shared resource resides or remotely from any member client or server with abecmd.exe. However, ABE can only be enabled on shared resources residing on servers running Windows Server 2003 SP1.
    abecmd [/enable | /disable] [/server ] {/all | }
    Parameter Description
    /enable Enables ABE on the shared specified resource or on all shared resources.
    /disable Disables ABE on the shared specified resource or on all shared resources.
    /server Apply the action (making ABE enabled or not enabled) for shared resources on a server instead of the local computer.
    /all Apply the action (making ABE enabled or not enabled) for all shared resources.
    Note: If /all and a ShareName is specified, the ShareName is ignored.
    Designates the shared resource to which ABE will be applied or removed.

Leave a Reply

Your email address will not be published. Required fields are marked *