Prior to ABE (Access-Based Enumeration), a user who had access to a share could see all the shares sub-folders, even if they didn't have permission to read the sub-folder.

If you enable ABE on a share, users who don't have permission to read a sub-folder will NOT be able to see the sub-folder when they enumerate the share.

NOTE: See Windows Server 2003 Access-based Enumeration tool. NOTE: If you have redirected user folders at \\ServerName\Users, you can hide the other user's folders by enabling ABE on the share:

         shrflags \\ServerName\Users /abe true /forreal

When I type shrflgs /?, I receive:

ShrFlgs V01.00.01cpp Joe Richards (joe@joeware.net) February 2005                              Usage:                               ShrFlgs \\server\share \[switches\]                                server         Server to work with.                                share          Share name to work on. If '.' is specified, ShrFlgs                                               will enumerate all shares and display or update them.                                Switches: (designated by - or /)                                 -forreal               Really make changes.                                 -noadmin               Don't display admin shares.                                 -abe (true|false)      Set/clear access-based enumeration.                                 -afd (true|false)      Set/clear allowed forced delete.                                 -nscache (true|false)  Set/clear Namespace caching.                                 -exclopen (true|false) Set/clear allow exclusive open.                                 -csc xxx               Set client side caching mode.                                    Valid values for xxx:                                      none   - No offline caching                                      auto   - All files opened by user will be cached.                                      manual - User selected files will be cached.                                      vdo    - All files opened by user will be cached, optimized.                                Note: Access-based enumeration requires at least Windows 2003 SP1.                                      You will not get an error on earlier OS'es if you try to set                                       ABE, it simply will not be set.                                Ex1:                                  shrflags \\server\sh1                                    Display current settings for share sh1 on server                                Ex2:                                  shrflags \\server\.                                    Display current settings for all shares on server                                Ex3:                                  shrflags \\server\sh1 /abe true /forreal                                    Set access-based enumeration on share sh1 on server                                Ex4:                                  shrflags \\server\. /abe true /forreal                                    Set access-based enumeration on all disk shares on server                                Ex4:                                  shrflags \\server\sh1 /abe false /forreal                                    Set legacy enumeration on share sh1 on server                               This software is Freeware. Use it as you wish at your own risk.                               I do not warrant this software to be fit for any purpose or use and                               I do not guarantee that it will not damage or destroy your system.                               If you have improvement ideas, bugs, or just wish to say Hi, I                               receive email 24x7 and read it in a semi-regular timeframe.                               You can usually find me at joe@joeware.net
Press the Download button on the following Web page: