RESET Forums (homeservershow.com)

server 2012R2 essentials access based enumeration


niguy

Yes, I have checked these; everything has been covered. I have set up ABE on every folder that has been shared.

Link to comment
Share on other sites

I'm giving them the IP as they are using a VPN to connect into the network; the only way for them to access the shares is via the IP address. The users don't have the connector installed on their PC, laptop or Mac computers.

Additionally, the VPN is running on my firewall and the user authenticates via RADIUS on the server.

That's a DHCP/DNS issue, then.  

 

If the router/VPN is handing out the server's IP address as the DNS this shouldn't be an issue. But since I doubt that you've configured things this way, and because they don't have the connector software installed (and the auto-configuration of the DNS "bits"), that would likely be why you can't reach the server by name, and only by VPN. 

 

The problem I have is that it doesn't work: when I navigate to \\ipaddress\ the users can still see all folders when they don't have access to 90% of them, even with enumeration enabled.

 

The most likely reason for this is that the shares are set to Full Control by "Everyone", and fall back onto NTFS permissions.  This is true for the main shares (\\server\Company, etc) and for the DFS'ed shares (\\server\Shared Folders\Company).

 

You could change this but I'm not sure how Essentials will react to that. 

Link to comment
Share on other sites

VPN access users can reach the server via DNS with no problem; it's just that I gave them the IP to access the shares. From a network stance they have no issues. As for the second part of your reply, are you saying that if I remove the Full Control by Everyone, the ABE should work on each folder?

 

If I do this, what are the possible consequences?

 

 

Thanks 

Link to comment
Share on other sites

Drashna brought up a good point.  You have "Share Permissions" and "File Permissions".  The Share Permissions must have been set for Everyone to "Read" or see the Share.  If you want to change that then you are going to have an admin nightmare on your hands.

Link to comment
Share on other sites

OK, so I removed the EVERYONE Full Control but it didn't work; the user can still see the shares.


OK, so when I created the shared folder I did it within the dashboard, chose the user and allowed them access to RW. The other users have been set to No Access.

Edited by niguy
Link to comment
Share on other sites

OK, so I removed the EVERYONE Full Control but it didn't work; the user can still see the shares.

OK, so when I created the shared folder I did it within the dashboard, chose the user and allowed them access to RW. The other users have been set to No Access.

 

You removed them from the File Permissions I'd bet.  You need to edit the "Share Permissions".  Use Advanced Sharing to better understand this.

Link to comment
Share on other sites

The EVERYONE has been removed from the share and he can still see it. Is there anything I can provide to show you the layout of the shares, to give you better insight as to how things are set up?

 

Thanks 

Link to comment
Share on other sites

For the share permissions (run "fsmgmt.msc"):

Y79Hz5C.png

For NTFS permissions (note, I created groups in the dashboard, so it uses that instead.... yay):

L4erpb9.png

 

 

If you're using the "Shared Folders" path, that's set as "everyone" with read only, but should still default to the actual shares. 

 

Also, creating the shares through the dashboard means that everything is visible, just blocked if they don't have rights.

  • Like 1
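
An added example, not written by any poster in this thread: a PowerShell audit of the two permission layers discussed above (share permissions and NTFS permissions) together with each share's access-based enumeration setting, using the built-in SmbShare cmdlets. The function name `Get-ShareExposureReport` and the list of "broad" principals are assumptions made for illustration.

```powershell
# Added example: report ABE mode, share permissions and NTFS root ACL per share.
# Needs the SmbShare module (Windows Server 2012 and later); run elevated on the server.
function Get-ShareExposureReport {
    [CmdletBinding()]
    param(
        # Principals treated as "broad" at the share layer (assumed list, adjust as needed).
        [string[]]$BroadPrincipals = @('Everyone',
                                       'NT AUTHORITY\Authenticated Users',
                                       'BUILTIN\Users')
    )

    # -Special $false skips administrative shares such as C$, ADMIN$ and IPC$.
    foreach ($share in Get-SmbShare -Special $false) {

        # Layer 1: share permissions (what fsmgmt.msc shows under Share Permissions).
        $shareAcl = Get-SmbShareAccess -Name $share.Name
        $broad = $shareAcl | Where-Object {
            $_.AccessControlType -eq 'Allow' -and $BroadPrincipals -contains $_.AccountName
        }

        # Layer 2: NTFS permissions on the folder the share points at.
        $ntfs = @()
        if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
            $ntfs = (Get-Acl -LiteralPath $share.Path).Access
        }

        [pscustomobject]@{
            Share           = $share.Name
            Path            = $share.Path
            # ABE is a per-share setting; it filters what is listed inside the
            # share according to the caller's NTFS read rights.
            AbeEnabled      = ($share.FolderEnumerationMode -eq 'AccessBased')
            ShareAcl        = ($shareAcl | ForEach-Object {
                                  "$($_.AccountName)=$($_.AccessRight)/$($_.AccessControlType)"
                              }) -join '; '
            BroadShareAllow = ($broad.AccountName -join ', ')
            NtfsAcl         = ($ntfs | ForEach-Object {
                                  "$($_.IdentityReference)=$($_.FileSystemRights)/$($_.AccessControlType)"
                              }) -join '; '
        }
    }
}

# Read-only report: shares with ABE off or a broad Allow entry are the ones to review.
Get-ShareExposureReport | Format-List
```

The report changes nothing on the server. A share's enumeration mode can be switched afterwards with `Set-SmbShare -Name <share> -FolderEnumerationMode AccessBased`.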
Link to comment
Share on other sites

Hi

 

So let me get this right: you are saying to edit the share permissions via fsmgmt.msc; I then have to remove "everyone" from the list and add only the people I want to be able to see the folder, and also remove the created shares I added in the dashboard. I gather from what I'm reading that if I add a share within the dashboard it won't make a difference what I do anywhere else, as they will see the folder, so it's better to forget the dashboard and do the above? Would this be right?

Link to comment
Share on other sites

Hi

 

As an update, I have removed all shares from the dashboard and recreated them the way I need them to be. One problem remains: everything is working fine and everyone can only see what they are entitled to see visually. I, however, have a problem with one of my own shares: I can access the folder but not all of the folders within it. It tells me I don't have read access and to edit the security of the folder to gain access. I have tried doing this but it fails every time. If you could provide any solution ....an easy way to do this, I would appreciate it. Is there a way to change the permissions on all folders within this folder so I have read and write access?

 

thanks 

Link to comment
Share on other sites
