Hey Deji... Bite me.
Yes those were \\ bugs in the help. Help was the last thing I did, my eyes
were barely open; I am more for getting the code right so focus there first.
I got stuck for about an hour with the caching flags because I was trying to
understand what they were for because the MSDN names for the settings are
less than intuitive and didn't want a bunch of people asking what the heck
it meant when they saw that info enumerated.
Typos are corrected - V01.00.01 is posted, sorry it took a little while as I
went to the fish store and bought a new sand sifting starfish, a highfin
goby, a couple of pieces of coral, and a really colorful type of sea slug
that I can't recall the name of right now. It is three shades of purple with
white and some orange protruding things. It is fighting with the Trumpet
coral (aka Kryptonite coral) and the firefish for the position of most
colorful thing in the tank. I went to buy the sandstar and snails and
totally forgot about the snails which were the cheapest part of the whole
thing. Hopefully the slug will eat some of the algae running around, I let
the nitrate level get a little high before a water change.
Actually you can do .\. or .\sharename if you would like. I just didn't
document it as such. You can do servername\. or servername\share as well. I
don't assume that you prefix the \\ properly so I strip them off if they are
there and stick them back on when I need to do the calls that require the
prefix.
I thought about allowing even just . or servername or sharename but then
realized if someone dorked up the command they might set options on shares
that they didn't intend so I am going to make admins do just a little more
work, make them actually type that extra . or the share name.
You will love the name of the new tool I have framed-out when I worked on
this one as well. It is called shr. I am thinking possibly have making a gui
share manager as well, it would be named shrgui but would have a price
associated with it since I would have to spend time working on the gui
aspects and I wouldn't ever use that part of it personally.
I am not big on huge fancy names, especially names with spaces in them for
obvious reasons. Actually the shorter the name the better. Less to type when
flying along doing work. I made a couple of tools with really short names
once and got in trouble for one of the names though. I didn't even think
about it until after the fact. The first tool was a disk usage tool which I
obviously called du. The next one was a tool for file usage...
joe
F:\DEV\cpp\ShrFlgs>shrflgs .\.
ShrFlgs V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005
Enumerating shares on \\.
Share: ADMIN$
Path : C:\WINDOWS
Remark : Remote Admin
Max Use : Unlimited
Current Use: 0
SDDL :
Flags
Manual Client Side Caching
Exclusive Opens Allowed
Force Delete NOT Allowed
Namespace Caching NOT Allowed
Legacy Enumeration
Share: C$
Path : C:\
Remark : Default share
Max Use : Unlimited
Current Use: 0
SDDL :
Flags
Manual Client Side Caching
Exclusive Opens Allowed
Force Delete NOT Allowed
Namespace Caching NOT Allowed
Legacy Enumeration
<SNIP>
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Saturday, February 19, 2005 12:58 PM
To: [email protected]
Subject: RE: [ActiveDir] Access Based Enumeration
Ex1:
shrflags \serversh1
Display current settings for share sh1 on server
Ex2:
shrflags \server.
Display current settings for all shares on server
Ex3:
shrflags \serversh1 /abe true /forreal
Set access-based enumeration on share sh1 on server
Ex4:
shrflags \server. /abe true /forreal
Set access-based enumeration on all disk shares on server
Ex4:
shrflags \serversh1 /abe false /forreal
Set legacy enumeration on share sh1 on server
Those switches can't possibly be correct. I'm sure you meant \\server\sh1
Now, wrt server name, I think it would make sense to put a logic in there
that assumes local system IF a \\servername is not specified. Lazy people
like me could then do shrflags .\. to work on every share on the local
computer.
So you called it quit after 3AM, uh? If only you had stayed up a little
longer, this tool would probably have been much more robust. I'm still
looking for that coffee-making tool, you know ;). Also, the name would have
been something more original than shrflags - shrflags is soooo blah.
Sincerely,
D�j� Ak�m�l�f�, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: [EMAIL PROTECTED] on behalf of joe
Sent: Sat 2/19/2005 12:33 AM
To: [email protected]
Subject: RE: [ActiveDir] Access Based Enumeration
Take a look at
http://www.joeware.net/win/free/tools/shrflgs.htm
Let me know if it helps out. I threw it together a bit fast. It seems to
work but it is a little after 3AM and I started working on it around
midnight so what do I know? I got sick of looking at some new Exchange bugs
I found this week so I had to do something that made sense. :o)
It allows you to set all of the flags that are available to be set with the
1005 structure. Also for fun I have it dump the 502 structure including the
sddl. Also for fun if you want, you can view or make changes to all of the
shares on a server in one shot by specifying the share to work on as ".". In
other words instead of saying \\server\sharename you can say \\server\.
Note that you can't browse down through the structure to find this yet, I
have to go through and tell the system to update the other links. I will do
that when I am more awake as the last time I did Frontpage poked me in the
eye and revved me backwards on some things.
joe
Examples:
[Sat 02/19/2005 1:48:35.55]
F:\Dev\CPP\ShrFlgs>shrflgs \\2k3sp1\shr
ShrFlgs V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005
Share: shr
Path : C:\temp\shr
Remark :
Max Use : 10
Current Use: 0
SDDL :
O:BAG:S-1-5-21-1359466915-741757390-1924153770-513D:(A;;0x1200a9;;;WD)
Flags
No Client Side Caching
Exclusive Opens Allowed
Force Delete NOT Allowed
Namespace Caching NOT Allowed
Access Based Enumeration
The command completed successfully.
[Sat 02/19/2005 3:31:22.31]
F:\Dev\CPP\ShrFlgs>shrflgs \\2k3sp1\.
ShrFlgs V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005
Enumerating shares on \\2k3sp1
Share: ADMIN$
Path : C:\WINDOWS
Remark : Remote Admin
Max Use : Unlimited
Current Use: 0
SDDL :
Flags
Manual Client Side Caching
Exclusive Opens Allowed
Force Delete NOT Allowed
Namespace Caching NOT Allowed
Legacy Enumeration
Share: C$
Path : C:\
Remark : Default share
Max Use : Unlimited
Current Use: 0
SDDL :
Flags
Manual Client Side Caching
Exclusive Opens Allowed
Force Delete NOT Allowed
Namespace Caching NOT Allowed
Legacy Enumeration
Share: IPC$
Path :
Remark : Remote IPC
Max Use : Unlimited
Current Use: 1
SDDL :
Flags
Manual Client Side Caching
Exclusive Opens Allowed
Force Delete NOT Allowed
Namespace Caching NOT Allowed
Legacy Enumeration
Share: NETLOGON
Path : C:\WINDOWS\SYSVOL\sysvol\sp1dom.com\SCRIPTS
Remark : Logon server share
Max Use : Unlimited
Current Use: 0
SDDL : O:BAG:SYD:(A;;0x1200a9;;;WD)(A;;FA;;;BA)
Flags
Manual Client Side Caching
Exclusive Opens NOT Allowed
Force Delete NOT Allowed
Namespace Caching NOT Allowed
Legacy Enumeration
Share: shr
Path : C:\temp\shr
Remark :
Max Use : 10
Current Use: 0
SDDL :
O:BAG:S-1-5-21-1359466915-741757390-1924153770-513D:(A;;0x1200a9;;;WD)
Flags
No Client Side Caching
Exclusive Opens Allowed
Force Delete NOT Allowed
Namespace Caching NOT Allowed
Access Based Enumeration
Share: SYSVOL
Path : C:\WINDOWS\SYSVOL\sysvol
Remark : Logon server share
Max Use : Unlimited
Current Use: 0
SDDL : O:BAG:SYD:(A;;0x1200a9;;;WD)(A;;FA;;;BA)(A;;FA;;;AU)
Flags
Manual Client Side Caching
Exclusive Opens NOT Allowed
Force Delete NOT Allowed
Namespace Caching NOT Allowed
Legacy Enumeration
Share: testshare
Path : c:\
Remark : Shared by remote command.
Max Use : Unlimited
Current Use: 0
SDDL :
O:BAG:S-1-5-21-1359466915-741757390-1924153770-513D:(A;;FA;;;WD)
Flags
Manual Client Side Caching
Exclusive Opens NOT Allowed
Force Delete NOT Allowed
Namespace Caching NOT Allowed
Access Based Enumeration
The command completed successfully.
[Sat 02/19/2005 3:31:31.46]
F:\Dev\CPP\ShrFlgs>
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Friday, February 18, 2005 7:22 PM
To: [email protected]
Subject: RE: [ActiveDir] Access Based Enumeration
you could also ask your friendly MS representative to contact the product
group - they have a nice little tool available to enabled access based
enumeration on tools. They're still thinking of putting a little UI option
in the share-dialog to enable this (which would make sense), but unclear if
it'll make SP1.
/Guido
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nathan Casey
Sent: Friday, February 18, 2005 10:18 PM
To: [email protected]
Subject: RE: [ActiveDir] Access Based Enumeration
That would be great..thanks. Being in the early stages of migrating from
Novell, this feature is very important. It would be nice to at least test
the feature without having to try a 3rd party solution like scriptlogics
Cloak.
Thanks
nathan
>>> [EMAIL PROTECTED] 2/18/2005 1:12:45 PM >>>
That is correct. However, if I get the time to get this fixed this weekend,
I'll be happy to share it with you for all your experimental fun.
Regards,
Paul
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nathan Casey
Sent: Friday, February 18, 2005 10:08 PM
To: [email protected]
Subject: RE: [ActiveDir] Access Based Enumeration
So basically, for non programmers, Access Based Enumeration is not an
option at this point....
>>> [EMAIL PROTECTED] 2/18/2005 9:05:37 AM
>>>
Enabling it will require you to compile a C function into a nice little
command.
I plan to do so this weekend, completely forgotten about it.
This is one of the places that explains the process. Enjoy
http://weblogs.asp.net/jhoward/archive/2005/02/11/371080.aspx
Regards,
Paul
PS: If you examine the NetShareSetInfo function, it'll be obvious how to put
this into an executable.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nathan Casey
Sent: vrijdag 18 februari 2005 18:01
To: [email protected]
Subject: [ActiveDir] Access Based Enumeration
Does anyone have a good doc on enabling the new 2003 SP1 Access Based
Enumeration feature?
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender.
Thank you.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
