I am working on a script to create the directory structure for our new file servers, one of the steps is to create the shares which is easy enough;

net share <snarename>=<path> /grant:<user>:FULL (for full access obviously, but as file rights are controlled by NTFS this is less important).

Anyway one thing popped up, how about ABE (Access based enumeration) on a Windows 2008R2 box?  On Windows 2003 it was a ‘patch’ that needed downloading how about Windows 2008?  Well simple enough it’s as expected embedded and can be found under the advanced settings for the share in the “Share and storage management” mmc.  Sadly enough there does not seem to be any switch for the “net share” command that will enable this, the default for “net share” is ABE = off so you have to enable ABE manually afterwards 🙁

BTW; ABE is basically a feature that tell the server “only show the user the files he/she has access to” so the users will not see the “Top Secret” folders etc.

Read more and see the nice guides etc here;