gee D�j� - you're exactly the type of people Joe meant when he was discussing free vs. paid for tools... ;-) I'd say, this is good stuff for 3am - who cares about typos.
I do agree the name is not too cool - but where did you leave your suggestions? It's always easy to say something is not original, but you're just as challenged as anyone else to come up with something better (that has 8 chars, as Joe seems to want it). I might go with ShareFlg or ShareMgr... /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Saturday, February 19, 2005 6:58 PM To: [email protected] Subject: RE: [ActiveDir] Access Based Enumeration Ex1: shrflags \serversh1 Display current settings for share sh1 on server Ex2: shrflags \server. Display current settings for all shares on server Ex3: shrflags \serversh1 /abe true /forreal Set access-based enumeration on share sh1 on server Ex4: shrflags \server. /abe true /forreal Set access-based enumeration on all disk shares on server Ex4: shrflags \serversh1 /abe false /forreal Set legacy enumeration on share sh1 on server Those switches can't possibly be correct. I'm sure you meant \\server\sh1 Now, wrt server name, I think it would make sense to put a logic in there that assumes local system IF a \\servername is not specified. Lazy people like me could then do shrflags .\. to work on every share on the local computer. So you called it quit after 3AM, uh? If only you had stayed up a little longer, this tool would probably have been much more robust. I'm still looking for that coffee-making tool, you know ;). Also, the name would have been something more original than shrflags - shrflags is soooo blah. Sincerely, D�j� Ak�m�l�f�, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of joe Sent: Sat 2/19/2005 12:33 AM To: [email protected] Subject: RE: [ActiveDir] Access Based Enumeration Take a look at http://www.joeware.net/win/free/tools/shrflgs.htm Let me know if it helps out. I threw it together a bit fast. It seems to work but it is a little after 3AM and I started working on it around midnight so what do I know? I got sick of looking at some new Exchange bugs I found this week so I had to do something that made sense. :o) It allows you to set all of the flags that are available to be set with the 1005 structure. Also for fun I have it dump the 502 structure including the sddl. Also for fun if you want, you can view or make changes to all of the shares on a server in one shot by specifying the share to work on as ".". In other words instead of saying \\server\sharename you can say \\server\. Note that you can't browse down through the structure to find this yet, I have to go through and tell the system to update the other links. I will do that when I am more awake as the last time I did Frontpage poked me in the eye and revved me backwards on some things. joe Examples: [Sat 02/19/2005 1:48:35.55] F:\Dev\CPP\ShrFlgs>shrflgs \\2k3sp1\shr ShrFlgs V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005 Share: shr Path : C:\temp\shr Remark : Max Use : 10 Current Use: 0 SDDL : O:BAG:S-1-5-21-1359466915-741757390-1924153770-513D:(A;;0x1200a9;;;WD) Flags No Client Side Caching Exclusive Opens Allowed Force Delete NOT Allowed Namespace Caching NOT Allowed Access Based Enumeration The command completed successfully. [Sat 02/19/2005 3:31:22.31] F:\Dev\CPP\ShrFlgs>shrflgs \\2k3sp1\. ShrFlgs V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005 Enumerating shares on \\2k3sp1 Share: ADMIN$ Path : C:\WINDOWS Remark : Remote Admin Max Use : Unlimited Current Use: 0 SDDL : Flags Manual Client Side Caching Exclusive Opens Allowed Force Delete NOT Allowed Namespace Caching NOT Allowed Legacy Enumeration Share: C$ Path : C:\ Remark : Default share Max Use : Unlimited Current Use: 0 SDDL : Flags Manual Client Side Caching Exclusive Opens Allowed Force Delete NOT Allowed Namespace Caching NOT Allowed Legacy Enumeration Share: IPC$ Path : Remark : Remote IPC Max Use : Unlimited Current Use: 1 SDDL : Flags Manual Client Side Caching Exclusive Opens Allowed Force Delete NOT Allowed Namespace Caching NOT Allowed Legacy Enumeration Share: NETLOGON Path : C:\WINDOWS\SYSVOL\sysvol\sp1dom.com\SCRIPTS Remark : Logon server share Max Use : Unlimited Current Use: 0 SDDL : O:BAG:SYD:(A;;0x1200a9;;;WD)(A;;FA;;;BA) Flags Manual Client Side Caching Exclusive Opens NOT Allowed Force Delete NOT Allowed Namespace Caching NOT Allowed Legacy Enumeration Share: shr Path : C:\temp\shr Remark : Max Use : 10 Current Use: 0 SDDL : O:BAG:S-1-5-21-1359466915-741757390-1924153770-513D:(A;;0x1200a9;;;WD) Flags No Client Side Caching Exclusive Opens Allowed Force Delete NOT Allowed Namespace Caching NOT Allowed Access Based Enumeration Share: SYSVOL Path : C:\WINDOWS\SYSVOL\sysvol Remark : Logon server share Max Use : Unlimited Current Use: 0 SDDL : O:BAG:SYD:(A;;0x1200a9;;;WD)(A;;FA;;;BA)(A;;FA;;;AU) Flags Manual Client Side Caching Exclusive Opens NOT Allowed Force Delete NOT Allowed Namespace Caching NOT Allowed Legacy Enumeration Share: testshare Path : c:\ Remark : Shared by remote command. Max Use : Unlimited Current Use: 0 SDDL : O:BAG:S-1-5-21-1359466915-741757390-1924153770-513D:(A;;FA;;;WD) Flags Manual Client Side Caching Exclusive Opens NOT Allowed Force Delete NOT Allowed Namespace Caching NOT Allowed Access Based Enumeration The command completed successfully. [Sat 02/19/2005 3:31:31.46] F:\Dev\CPP\ShrFlgs> -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Friday, February 18, 2005 7:22 PM To: [email protected] Subject: RE: [ActiveDir] Access Based Enumeration you could also ask your friendly MS representative to contact the product group - they have a nice little tool available to enabled access based enumeration on tools. They're still thinking of putting a little UI option in the share-dialog to enable this (which would make sense), but unclear if it'll make SP1. /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Casey Sent: Friday, February 18, 2005 10:18 PM To: [email protected] Subject: RE: [ActiveDir] Access Based Enumeration That would be great..thanks. Being in the early stages of migrating from Novell, this feature is very important. It would be nice to at least test the feature without having to try a 3rd party solution like scriptlogics Cloak. Thanks nathan >>> [EMAIL PROTECTED] 2/18/2005 1:12:45 PM >>> That is correct. However, if I get the time to get this fixed this weekend, I'll be happy to share it with you for all your experimental fun. Regards, Paul -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Casey Sent: Friday, February 18, 2005 10:08 PM To: [email protected] Subject: RE: [ActiveDir] Access Based Enumeration So basically, for non programmers, Access Based Enumeration is not an option at this point.... >>> [EMAIL PROTECTED] 2/18/2005 9:05:37 AM >>> Enabling it will require you to compile a C function into a nice little command. I plan to do so this weekend, completely forgotten about it. This is one of the places that explains the process. Enjoy http://weblogs.asp.net/jhoward/archive/2005/02/11/371080.aspx Regards, Paul PS: If you examine the NetShareSetInfo function, it'll be obvious how to put this into an executable. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Casey Sent: vrijdag 18 februari 2005 18:01 To: [email protected] Subject: [ActiveDir] Access Based Enumeration Does anyone have a good doc on enabling the new 2003 SP1 Access Based Enumeration feature? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
