By default, when a user opens some shared network folder, SMB displays a full list of files and folders on it (of course only if user have permission to access share). To hide the folder that user does not have permission and wish them only can see on their folder. Access Based Enumeration (ABE) allows you to hide specific files and folders for a user who don’t have access permission.
In this lab, I have 3 users and the folder structure as below:
- User A: only see the Accounting folder
- User B: only see the Purchasing folder
- User C: can see both folders
Here is a good article will help you on how to share a folder/file https://support.microsoft.com/en-us/help/277867/windows-ntfs-permissions-are-required-when-you-run-word-on-any-ntfs-pa
However, the access-based enumeration is not enabled by default on the following types of shared folders:
- Shared folders that are created with Share and Storage Management, Advanced Sharing in Windows Explorer, or the net share command
- Folders or volumes that are shared for administrative purposes, such as C$ and ADMIN$
As mentioned above, User A or User B access to a shared network folder, SMB will display a full list of folders and files.
Try click to the Purchasing folder that User A does not have permission, you will prompt an error.
How to hide the no permission folders?
Enable Access-Based Enumeration by going to Server Manager > File and Storage Services > Shares, right-click the Shared_Docs > Properties
Go to Settings > check Enable access-based enumeration > OK
At the client side User A, you should sign-out to take effect then verify again, you should only see the Accounting folder. User B is versa.
That’s all. Hope it helps.