How to hide shared folders and how to hide shared folders that users do not have access to

In the corporate LAN, a file server is usually built to share some files for LAN users to access. However, in the need of file security considerations, sometimes we need to hide some shared files, especially need to hide some shared files that users do not have access to, thus protecting the shared file security and preventing users and outsiders who are not authorized to access the LAN from accessing the share. The behavior of the file.

So, how do you hide shared folders, how to hide shared documents, and how to hide shared files or shared folders that users don't have access to? The author believes that it can be achieved in two ways:

First, use the Windows Server 2003 Access-based Enumeration plug-in that comes with the operating system to hide shared files and not display shared folders that users do not have access to. .

Windows Server 2003 Access-based Enumeration, this plugin uses the NTFS partition feature to hide folders that users do not have permission to use. Users have no way to see folders that they do not have permission to use. of.

Access-based Enumeration is a feature included in WS03 SP1 that enhances the security of shared files. ABE filters the visibility of shared folders based on user access rights. It prevents folders or other shared resources from being leaked to users who do not have access. By using ABE, IT system administrators can ensure that users can only view folders and files they have access to, and those folders and files that they do not have access to are not displayed in their files and folders list. come out.

1. Users need to download the appropriate ABE engine. Each engine is suitable for different Windows installation files or MSI file types. There are three types available: x86 for 32-bit systems, x64 for 64-bit systems, and ia64 for Itanium systems.

2. After installation, type regsvr32 abeui.dll at the command prompt to register the ABEUI.DLL file.

3. After the installation is completed, there will be an “Access-based enumeration” item in the “Attributes” of the shared folder, and a share named File will be built on the D disk (NTFS partition). Folder This folder contains two subfolders admin and user. The admin folder can only be accessed by specific users (not set to share here, but set the relevant permissions in the security of the file--properties), and the user folder Any user can access (not set to share here, but set the relevant permissions in the security of the file - properties), and set the folder to be fully shared.

4. Right click on the folder admin, then <;properties"——“security&>——advanced——allow“allow parent inheritance permissions to propagate to Object and all child objects. Including those items (A) that are clearly defined here, the previous check is removed, a dialog box pops up, click “Copy”, click “" Apply”.

5. Go back to the Properties dialog and delete ”USERS”user, click “OK”, complete permission settings.

6. Right click on File folder ——“property”——“Enable access-based enumeration or this shared folder”, if you want to apply this setting to the computer all shared Please select “Apply this folder’s setting to all existing shared folders on this computer”.

7. You can access the shared folder from the client, you will find that the admin folder is already invisible.

Please note:

1. The ABE function is invalid for local administrators.

2, ABE changes the access mode of the shared directory, will increase the CPU utilization of the server and will reduce the access speed.

3, only the shared directory attributes will appear in the ABE property page

The next step is to deploy the VBS login script, to automatically map the network disk to AD users, this script will judge whether There is the same network disk, and the network disk will not be repeatedly generated.
ASP/Visual Basic Code Copy content to clipboard On error resume next