Lenovo DM series
什么是ABE(access-based-enumeration)?
“基于访问的枚举仅显示用户有权访问的文件和文件夹。如果用户没有文件夹的“读取”(或等效)权限,则Windows将从用户视图中隐藏该文件夹。仅当查看共享文件夹中的文件和文件夹时,此功能才有效。在查看本地文件系统中的文件和文件夹时,它不处于活动状态。”
基于访问的枚举有什么作用?
基于访问的枚举仅显示用户有权访问的文件和文件夹。如果用户没有文件夹的“读取”(或等效)权限,则Windows将从用户视图中隐藏该文件夹。仅当查看共享文件夹中的文件和文件夹时,此功能才有效。在本地文件系统中查看文件和文件夹时,该按钮不处于活动状态。
谁会对此功能感兴趣?
想要控制哪些文件和文件夹对网络用户可见的IT管理员
想要控制用户体验的IT管理员
例如,如果在包含许多用户主目录的共享文件夹上启用基于访问的枚举,则访问该共享文件夹的用户只能看到其个人主目录;其他用户的文件夹从视图中隐藏。
默认情况下,ABE 处于禁用状态。
查看vserver-name和share-name
DM5K::> vserver cifs share show
Vserver Share Path Properties Comment ACL
-------------- ------------- ----------------- ---------- -------- -----------
svm admin$ / browsable - -
svm c$ / oplocks - BUILTIN\Administrators / Full Control
browsable
changenotify
show-previous-versions
svm ipc$ / browsable - -
svm vol01 /vol01 browsable - Everyone / Change
changenotify
oplocks
show-previous-versions
svm vol02_bak /vol02_bak oplocks - Everyone / Full Control
browsable
changenotify
show-previous-versions
5 entries were displayed.
查看vol01共享文件夹属性
DM5K::> vserver cifs share show -vserver svm -share-name vol01
Vserver: svm
Share: vol01
CIFS Server NetBIOS Name: FILENAS
Path: /vol01
Share Properties: browsable
changenotify
oplocks
show-previous-versions
Symlink Properties: symlinks
File Mode Creation Mask: -
Directory Mode Creation Mask: -
Share Comment: -
Share ACL: Everyone / Change
File Attribute Cache Lifetime: -
Volume Name: vol01
Offline Files: manual
Vscan File-Operations Profile: standard
Maximum Tree Connections on Share: 4294967295
UNIX Group for File Create: -
添加ABE属性
DM5K::> vserver cifs share properties add -vserver svm -share-name vol01 -share-properties access-based-enumeration
DM5K::> vserver cifs share show -vserver svm -share-name vol01
Vserver: svm
Share: vol01
CIFS Server NetBIOS Name: FILENAS
Path: /vol01
Share Properties: oplocks
browsable
changenotify
access-based-enumeration
show-previous-versions
Symlink Properties: symlinks
File Mode Creation Mask: -
Directory Mode Creation Mask: -
Share Comment: -
Share ACL: Everyone / Change
File Attribute Cache Lifetime: -
Volume Name: vol01
Offline Files: manual
Vscan File-Operations Profile: standard
Maximum Tree Connections on Share: 4294967295
UNIX Group for File Create: -
DM5K::> vserver cifs share properties remove -vserver svm -share-name vol01 -share-properties access-based-enumeration
移除ABE属性
DM5K::> vserver cifs share show -vserver svm -share-name vol01
Vserver: svm
Share: vol01
CIFS Server NetBIOS Name: FILENAS
Path: /vol01
Share Properties: oplocks
browsable
changenotify
show-previous-versions
Symlink Properties: symlinks
File Mode Creation Mask: -
Directory Mode Creation Mask: -
Share Comment: -
Share ACL: Everyone / Change
File Attribute Cache Lifetime: -
Volume Name: vol01
Offline Files: manual
Vscan File-Operations Profile: standard
Maximum Tree Connections on Share: 4294967295
UNIX Group for File Create: -