Re: Local Power Users Group

You cannot prevent them from browsing the list of machines
except by not running the Computer Browser and Workstation
services on the machines that they use.

To prevent them from looking into shares on machines you
need to make sure that they have no grants on those shares.

That means making sure that the account they use, or groups
in which it is a member, have no grants on those shares.
If you have granted that account (or its groups) access, then
you cannot expect the account to have no access. If the account
(or its groups) has no grants, then it will have no access.

The grants can be controlled at either the share level (the
permissions tab on the Sharing dialog) or the NTFS level
(the Security dialog) in the properties of the shared.

Roger

"GW" <GW@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9A0CD4D8-3B66-47E1-9717-BC6337855B59@xxxxxxxxxxxxxxxx
Its Ok that it doesn't really make it unavailable. I want to keep a user
from browsing the lists of what is there. Or, if they can browse the
list,
make them unable to open the domain controllers and see and access what's
on
the drivers. Is the OS capable of doing this and if so, can you give me
the
steps to follow to make the changes?
Thanks,
GW

"Roger Abell [MVP]" wrote:

Hiding My Network Places or otherwise crippling the ability
to browse the MS client/server network does not really make
anything unavailable, except browsing the list of what is there.

The issue you have is not that the account is a Power User on
some machine. The issue is what grants exist to the account
of the domain that they are using, or to groups of which it is a
member, and this is so whether we consider the grants on the
domain controllers or on other servers that they access.

Roger

"GW" <GW@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F2A52A37-8202-45EA-8951-522FD0972AFF@xxxxxxxxxxxxxxxx
Currently a user who is in the local Power Users group can open My
Network
Places and see all computers and servers listed. When they try to open
a
member server or a computer, they are prompted for a network
administrators
password. But, they are able to open a domain controller and have
Write
access to the domain controller. Is there a way to restrict/disable a
Power
User from accessing Domain Controllers on the network? Or better yet,
hide/disable My Network Places for Power Users Group?
Thanks,
GW





.

Relevant Pages

  • Re: IIS integrated windows authentification suddenly failes for some ?
    ... > checking the sites lists for intranet, trusted, and restricted Web Content ... >> account" on the IIS server. ... >> another user account on one of the failing XP machines it works fine. ...
    (microsoft.public.win2000.security)
  • Re: GAIN $50,000 LEGALLY WITH PAYPAL
    ... WE CAN WORK TOGETHER AND MAKE MONEY USING PAYPAL ... PayPal account will have several hundred dollars deposited into it ... sent out 100 copies to emails and 300 copies on newsgroups to further ... work to get started - no mailing lists. ...
    (sci.med.dentistry)
  • Re: GAIN $50,000 LEGALLY WITH PAYPAL
    ... WE CAN WORK TOGETHER AND MAKE MONEY USING PAYPAL ... PayPal account will have several hundred dollars deposited into it ... sent out 100 copies to emails and 300 copies on newsgroups to further ... work to get started - no mailing lists. ...
    (sci.med.dentistry)
  • Re: make money on the internet using paypal
    ... money online? ... $50,000 dollars in your PayPal account ... and include in the e-mail: "Payment for Internet Marketing ... lists of email addresses from a reputable mailing list company. ...
    (sci.math)
  • Re: make money online from home {using|with} paypal fast
    ... money online? ... $50,000 dollars in your PayPal account ... and include in the e-mail: "Payment for Internet Marketing ... lists of email addresses from a reputable mailing list company. ...
    (sci.math)