Minimizing the performance hit from using ABE

by Mitch Tulloch [Published on 10 Oct. 2006 / Last Updated on 10 Oct. 2006]

How to minimize the performance hit from using ABE.

If you plan on using Access-Based Enumeration (ABE) on your Windows Server 2003 R2 file servers, you need to be aware of its impact on performance. Because ABE hides the ability for users to see files and folders within a network share unless they have permissions that grant them access to a file or folder, this means ABE has to evaluate the permissions on subfolders under the current folder whenever you want to access a file within a subfolder. (Without ABE, only the permissions on the current folder need to be evaluated.) This means that you can minimize the performance impact of ABE by not nesting folders too deeply on your file servers or by avoiding using ABE altogether on deeply-nested portions of your file structure on network file servers.

For more information about using ABE, see my article titled Implementing Access-Based Enumeration in Windows Server 2003 R2 here on WindowsNetworking.com.

***

Mitch Tulloch is President of MTIT Enterprises, an IT content development company based in Winnipeg, Canada. Prior to starting his own company in 1998, Mitch worked as a Microsoft Certified Trainer (MCT) for Productivity Point International. Mitch is a widely recognized expert on Windows administration, networking and security and has written 14 books and over a hundred articles on various topics. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy Microsoft platforms, products and solutions. Mitch is also a professor at Jones International University (JIU) where he teaches graduate-level courses in Information Security Management (ISM) for their Masters of Business Administration (MBA) program. For more information see http://www.mtit.com.

See Also

Featured Links