Truenas 12 – Access Based Share Enumeration – Hide folders from users without read/write access
I took me forever to figure this out working the way I wanted. What I basically wanted was User A to not see User B’s folders. A more detailed explanation can be found here.
https://www.reddit.com/r/truenas/comments/lb344p/smb_access_based_enumeration_not_working_for/
If your problem is similar to the reddit post. These instructions should work for you too.
- You’ll want to figure out which user you don’t want to see on a specific folder. You will need SID. You can get a USER SID or GROUP SID.
Here are the commands used to do so. - For Group SID
![](http://192.168.10.72:8087/wp-content/uploads/2021/03/GroupSID.png)
3. For User SID
![](http://192.168.10.72:8087/wp-content/uploads/2021/03/UserSID.png)
4. Copy the Group or User SID you want to Deny from the specified Share
![](http://192.168.10.72:8087/wp-content/uploads/2021/03/Deny.png)
5. Go to the share you want this to be applied to click the … vertical elliptical buttons, and select “Edit Share ACL”
6. Add the SID and give it a name. Set permission to READ DENIED. This is the GROUP of users I don’t want to be able to even view the share.
![](http://192.168.10.72:8087/wp-content/uploads/2021/03/2021_03_26_12_35_15_TrueNAS_192.168.10.15-1024x492.png)
7. Save
8. Now go back to the share and select Advanced Options and checkbox “Access Based Share Enumeration”
![](http://192.168.10.72:8087/wp-content/uploads/2021/03/AllowABSE-1024x618.png)
9. Permissions will depend upon how you setup share ACLs. But now my Family Group can view the folder, and my Public Group cannot even browse to it.
Here’s a screen shot from a user in the Public Group, and the folder Spencer does not show up in Windows Explorer.
![](http://192.168.10.72:8087/wp-content/uploads/2021/03/FolderMissing-1024x579.png)
Here is a screen shot of my Family user
![](http://192.168.10.72:8087/wp-content/uploads/2021/03/FolderPresent-1024x528.png)