Thank you for your reply.
1) Yes, I shared the folder as \\domain\share.
2) Domain root.
3) Yes, right click the root in the DFS management, and then add new link.
4) Yes, I did know the information in the Microsoft knowledge base website.
That is why use the cacls to manually set the ACL.
Anxiously waiting for your reply.
Post by Brandy Nee [MSFT]
Thank you for posting to the SBS Newsgroup.
I am sorry for the delayed response due to weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
I am sorry that did not reply you in time due to high work volume today.
I understand that you installed ABE on both SBS 2K3 Server and Windows
Server 2003, and you cannot see any shared folders on Windows Server 2003
from SBS 2K3 Server unless turned off ABE. If I have misunderstood your
concern, please let me know.
Due to lack of information, I need your help to gather following
1. Just double confirm, did you access the shared folder by
2. You mentioned "they also host their own DFS root", which root type did
you choose, "stand alone root" or "Domain root"?
3. You mentioned "I add link to the DFS of SBS 2003", I need to know how
you add link to DFS. Do you mean in the DFS Management, right click the
root target you created and select New Link?
If the ACL on the DFS link is not set to match the ACL on the target then
a. If the ACL on the link is more restrictive than the ACL on the target,
then while enumeration, the link will not be displayed. However, if the
user knows the name of the link through some other means, then they would
be able to browse to that path and see the contents of the target.
b. If the ACL on the link is less restrictive than the ACL on the target,
then while enumeration, the link will be displayed but if the user browses
to the link then they will see an "access Denied" message.
Please take your time to gather the information, and I am looking forward
to hearing from you!
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
This posting is provided "AS IS" with no warranties, and confers no rights.
Subject: ABE in a DFS Environment
Date: Fri, 16 Dec 2005 19:44:17 ?
X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
X-RFC2646: Format=Flowed; Original
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
NNTP-Posting-Host: aworklan003148.netvigator.com 220.127.116.11
Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:230668
I am having a problem in ABE (Access-based Enumeration) in a DFS
(Distributed Files System) environment.
Hong Kong server: SBS 2003 SP1
China Server: Windows Server 2003 Standard SP1
These two servers connected together by VPN in same domain but with
different subnet (192.168.0.X and 192.168.1.X). Both servers are installed
with ABE (by using ABEUI utility).
Both servers have their own shared folder and they also host their own DFS
root. Then, I added some links to the DFS of Win2K3 Standard. The target
some shared folders in SBS 2003. It works fine. However, it does not work
when I made the same procedure to the SBS 2003, meaning, I add link to the
DFS of SBS 2003 while the target of the link is Win2K3. The target folder
does not show up in Windows Explorer unless I turn off the ABE.
It seems to me that the ACL on the link does not allow me to access the
target even though I did set full control in the target folder (both in
"Share" and "Security").
I tried to use Cacls utility to verify the ACL. But the link is exactly
same as the target ! (I even manually set the link and target ACL. But no
Is there any problem in the AD? How can I fix it? Any help would be highly