THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Server Enterprise version 6.1 and later installed on Windows 2008 R2
A very common request is for EFT Server to hide folders/files from users that they do not have permissions to
access through an AD-authenticated Site. This is easily accomplished on a GSAUTH
Site or an LDAP Site, because EFT Server manages all of the permissions. However, with AD
authentication, EFT Server relies on the response from the NTFS permissions. NTFS, by default, does not natively have the ability to hide these files on local directories;
however, in Windows Server 2008, you can work around this by enabling Access Based Enumeration (ABE.)
Information about ABE can be found on
Microsoft’s website, but
for the purposes of this article, we provide only the instructions on how to set
it up for EFT Server.
To hide files/folders from EFT Server users based on NTFS Permissions
- Create a Windows share to the Site's root directory that you want the Site in EFT Server to use (\\servername\adauth).
- Enable SMB Protocol for the share.
- When configuring SMB Settings, under the Advanced section,
on the User Limits tab, select the Enable access-based enumeration (ABE)
check box, then click OK.
- When prompted for permissions, click Administrators have Full Control;
all other users and groups have only Read access and Write access.
- Continue with the remaining options at your discretion to complete the Share setup.
- Open the EFT Server administration interface.
- Click (or create) the Site you want to use and configure the Site root to use \\loclahost\(sharename).