Dear Sir / Madam, We are using the Window Enterprise 2003 server 64 bit with the folder sharing function enabled. But when we shared the folder on the network, we found that the user can see (just can see but cannot access the folder) the share names and icon through network neighborhood even they haven't the access right (I mean both share and security permission). Is it the normal phenomenon for Window platform operation? For security reasons, How can we restricted the user prevent to see the network share name and icon if they haven't the relevant folder share and security permission? Grateful if can advise... Thanks for help!!

Hi, Please check whether the Access-based Enumeration (ABE) will fulfill your requirement. Windows Server 2003 Access-based Enumeration http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx

I would suggest doing this that way. Download Access Based Enumeration for Windows 2003 x64 from http://www.microsoft.com/downloads/en/details.aspx?FamilyId=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en install it and then on share properties enable ABE feature. Now, share this folder and at the end of shared folder's name add $ (to hide share from display). For example MySharedFolder$. Go to share's properties and set up Full Control permission to "Everyone" group. On "Security" tab (NTFS permissions) add all groups you want to allow accessing data (I would suggest creating Domain Local groups in AD for roles (one for Read permission and another for Modify permission). Assign to these groups appropriate permissions and then in script mapping that drive use command net use <Drive_Letter> /delete net use <Drive_Letter> \\server_name\<shared_folder>$ example for J-Drive net use j: /delete net use j: \\server1\MySharedFolder$ Now, when user types in browser \\server_name he/she doesn't see that hidden share at all. ABE benefit is that users which have no at least "List folders contents" or "Read" permissions do not see folders/files at all. Hope it helps.Regards, Krzysztof

Dear Miles Li, I have enabled the ABE before in the shared folder level, but its seems the shared folder name and icons also can be seem, but the subfolder cannot be seen. We want enable at the top level not just only target the folder inside ..!! How to do that ? Thanks.

Have you tried with hidden shares from my post above ?Regards, Krzysztof

Thanks.. Krzysztof Waiting for MS official forum reply to see whether exists furthur solution.