TIP: Turn off ABE to fix Mavericks ACL Windows Server glitches
Jacob Snyder sent and update to his report posted on Monday with the solution to his problem with Mavericks Mac clients breaking ACL permissions on Windows Servers. This is his fix:
It ended up being a combination of using Access Based Enumeration and SMB2. By disabling ABE on the Windows server and forcing SMB1 on the Mac client the error went away. Apple was able to replicate it on their end and the case was moved to product engineering.
If you’ve tried this fix let us know.
Access Based Enumeration is a feature Windows Server 2003 and later that hides files and folders that a user does not have permission to read. Microsoft describes it:
If a user does not have Read (or equivalent) permissions for a folder, Windows hides the folder from the user’s view. This feature is active only when viewing files and folders in a shared folder; it is not active when viewing files and folders in the local file system.
Access-based enumeration can be manually enabled or disabled on individual shared folders and volumes by using Share and Storage Management. This snap-in is available after a folder or volume has been shared. You can access Share and Storage Management in the File Services server role in Server Manager, and in Administrative Tools. You can also install it manually in Server Manager by adding the File Server role service to File Services.
There are two ways to enable and disable access-based enumeration by using Share and Storage Management:
Share a folder or volume by using the Provision a Shared Folder Wizard. If you select the SMB protocol on the Share Protocols page of the Provision a Shared Folder Wizard, the advanced settings options on the SMB Settings page includes the option to enable access-based enumeration on the shared folder or volume. (To see the advanced settings options, on the SMB Settings page of the wizard, click Advanced).
Change the properties of an existing shared folder or volume. To change the properties of an existing shared folder or volume, on the Shares tab of Share and Storage Management, click the shared folder or volume, and then click Properties in the Action pane. The information under Advanced settings displays whether access-based enumeration is enabled. Click Advanced and then select or clear the Enable access-based enumeration check box.