39712: Acronis Files Connect and Access Based Enumeration

Summary:

Access Based Enumeration (ABE) is a new feature in Windows Server 2003 SP1 (and above) that filters the shared folders that are visible to a user based on the user's access rights. This prevents the display of folders or other shared resources that the user does not have the right to access.

ABE is designed for SMB connections and will not apply to users connecting to the server with any other method. However, Group Logic added an equivalent feature to Acronis Files Connect (formerly ExtremeZ-IP) long ago. These settings are located in the Acronis Files Connect administrator or in the registry.

Description:

The two keys below are DWORDs and can be added in the following registry location for Acronis Files Connect 4:

\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExtremeZ-IP\Parameters4\NonRefreshable

ShowInaccessibleFiles

This controls whether users are able to see files for which they do not have at least "read attributes". The "read attributes" property does not imply the ability to read a file, but only to be able to see what the permissions and other attributes of the file are.

"ShowInaccessibleFiles"=dword:00000001
Default: On (1)
Refreshable: No

ShowInaccessibleFolders

This controls whether users are able to see folders for which they have neither read nor write access.

"ShowInaccessibleFolders"=dword:00000001
Default: On (1)
Refreshable: No

To enable the hiding of folders and files that the user does not have permissions to, save the following 5 lines as a text file with an extension of .reg to create a registry import file:

 

Windows Registry Editor Version 5.00

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExtremeZ-IP\Parameters4\NonRefreshable]
"ShowInaccessibleFiles"=dword:00000000
"ShowInaccessibleFolders"=dword:00000000

 

**Requires EZIP be restarted from the Sevices Control Panel for the changes to take effect (Start > Administrative Tools > Services).

A similar feature can be enabled within the Acronis Files Connect administrator to control access for volumes:

Show Only Accessible Volumes

To enable this setting, go to Acronis Files Connect Administrator > Settings > Security.

Home Directory Filtering

Finally there is also a home directory feature in Acronis Files Connect that can be enabled on a volume by volume basis, which will only show the client a directory if it matches their username or if it matches the the path defined in their Active Directory profile for their home directory. More information on home directory filtering, can be found in the Knowledge Base article below.

Tags: 

You are reporting a typo in the following text:
Simply click the "Send typo report" button to complete the report. You can also include a comment.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
9 + 7 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.