This is new nifty feature introduced in Microsoft Windows 2003 SP1 called Access based Enumeration (ABE). It is use to increase security around file sharing (file servers).
ABE filters shared folders visible to a user based on that individual user’s access rights; preventing the display of folders or other shared resources that the user does not have rights to access, (i.e. it hides files from unauthorized users just like old Novell Netware product).
If you have Windows 2003 SP1 installed, you just need to download ABE GUI and command line tools to enable ABE from Microsoft site.
Select appropriate download (i386 or AMD64 or IA64) and install the ABE. Start the installation, while installing you can enable ABE for all shared folder or for selected folders only.
How do I use ABE GUI tool?
To use the ABE GUI, right-click on a shared folder and select Properties > Select the Access based Enumeration tab of the Properties property sheet which offers two options for enabling ABE. Enable ABE for current shared folder or for all shared folder.
Once it (ABE) is enabled on shared folder user would now see only the files he/she has permissions to view.
How do I use ABE command line tool?
Seasoned windows administrator prefers to use command line tool abecmd.exe. It offers great flexibility as admin can run either on the server on which the targeted shared resource resides or remotely from any member client or server with abecmd.exe.
At command prompt type command on file server:
C:> abecmd /enable “data”
OR from another server:
C:> abecmd /enable 192.168.1.50 “data”
See the complete option list with following help command:
C:> abecmd /?