Block users from using UNC convention to see shares
Windows Server Forum Index Windows Server
Server discussion on Windows platform.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web winserverhelp.com
Block users from using UNC convention to see shares

 
Post new topic   Reply to topic    Windows Server Forum Index -> Small Business Server 2003
Author Message
Anthony May
Guest
Posted: Thu Jan 20, 2005 3:17 am    Post subject: Block users from using UNC convention to see shares Reply with quote
This is my scenario:

I have users that need to be able to log onto the domain remotely but not
able to access any of the resources on the Terminal Server they are connected
to, or another file server. To this end I have done the following:

- Created a custom GPO which removes the My Network Places from the desktop,
and denies the ability to browse the network (Expanding Entire Network ->
Microsoft Windows Network and such)

- Created a group with Deny Full Control to the C: Drive and added a test user

My boss would prefer that the shares not be seen if some savvy user figured
out the name of the file server and did the UNC (\\servername). I know that
you can add a $ to hide the shares, but this will make it for regular users
to browse the shared folders they need to access. Is there a way to deny a
user the ability to use the UNC convention?

Thanks,

Anthony May
Back to top
Tony Su
Guest
Posted: Thu Jan 20, 2005 4:57 am    Post subject: RE: Block users from using UNC convention to see shares Reply with quote
Create a Security Group for your TS Users, then deny that group access to
your Shares.

If you do this, you might not have to do all the other stuff you did because
even if they have access to various network tools they'll still be denied
access to resources.

Tony

"Anthony May" wrote:

Quote:
This is my scenario:

I have users that need to be able to log onto the domain remotely but not
able to access any of the resources on the Terminal Server they are connected
to, or another file server. To this end I have done the following:

- Created a custom GPO which removes the My Network Places from the desktop,
and denies the ability to browse the network (Expanding Entire Network -
Microsoft Windows Network and such)

- Created a group with Deny Full Control to the C: Drive and added a test user

My boss would prefer that the shares not be seen if some savvy user figured
out the name of the file server and did the UNC (\\servername). I know that
you can add a $ to hide the shares, but this will make it for regular users
to browse the shared folders they need to access. Is there a way to deny a
user the ability to use the UNC convention?

Thanks,

Anthony May
Back to top
 
Post new topic   Reply to topic    Windows Server Forum Index -> Small Business Server 2003 All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




New Topics Powered by phpBB