Enabling or disabling access-based enumeration on SMB shares
You can enable or disable access-based enumeration (ABE) on SMB shares to allow or prevent users from seeing shared resources that they do not have permission to access.
About this task
By default, ABE is disabled.
Examples
The following example creates an ABE SMB share named sales
with a path of /sales on SVM vs1. The share is created with access-based-enumeration as a share property:
cluster1::> vserver cifs share create -vserver vs1 -share-name sales -path /
sales -share-properties access-based-enumeration,oplocks,browsable,changenotify
cluster1::> vserver cifs share show -vserver vs1 -share-name sales
Vserver: vs1
Share: sales
CIFS Server NetBIOS Name: VS1
Path: /sales
Share Properties: access-based-enumeration
oplocks
browsable
changenotify
Symlink Properties: enable
File Mode Creation Mask: -
Directory Mode Creation Mask: -
Share Comment: -
Share ACL: Everyone / Full Control
File Attribute Cache Lifetime: -
Volume Name: -
Offline Files: manual
<span className="ph">Vscan File-Operations Profile: standard</span>
The following example adds the access-based-enumeration share property to an SMB share named data2
:
cluster1::> vserver cifs share properties add -vserver vs1 -share-name data2 -share-properties access-based-enumeration
cluster1::> vserver cifs share show -vserver vs1 -share-name data2 -fields share-name,share-properties
server share-name share-properties
------- ---------- -------------------------------------------------------
vs1 data2 oplocks,browsable,changenotify,access-based-enumeration
Give documentation feedback