Truenas 12 – Access Based Share Enumeration – Hide folders from users without read/write access

Truenas 12 – Access Based Share Enumeration – Hide folders from users without read/write access

I took me forever to figure this out working the way I wanted. What I basically wanted was User A to not see User B’s folders. A more detailed explanation can be found here.
https://www.reddit.com/r/truenas/comments/lb344p/smb_access_based_enumeration_not_working_for/

If your problem is similar to the reddit post. These instructions should work for you too.

  1. You’ll want to figure out which user you don’t want to see on a specific folder. You will need SID. You can get a USER SID or GROUP SID.
    Here are the commands used to do so.
  2. For Group SID

3. For User SID

4. Copy the Group or User SID you want to Deny from the specified Share

5. Go to the share you want this to be applied to click the vertical elliptical buttons, and select “Edit Share ACL”

6. Add the SID and give it a name. Set permission to READ DENIED. This is the GROUP of users I don’t want to be able to even view the share.


7. Save

8. Now go back to the share and select Advanced Options and checkbox “Access Based Share Enumeration”

9. Permissions will depend upon how you setup share ACLs. But now my Family Group can view the folder, and my Public Group cannot even browse to it.
Here’s a screen shot from a user in the Public Group, and the folder Spencer does not show up in Windows Explorer.

Here is a screen shot of my Family user

Comments are closed.