Re: Stop Browsing for computers
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 7 Nov 2007 18:51:21 -0600
Unless you disable netbios over tcp/ip for the domain and then manage
permissions on AD objects you are not going to have much luck and that is
something to NOT consider without a lot of testing as things may break.
http://support.microsoft.com/kb/313314 --- disable netbios over tcp/ip
http://support.microsoft.com/kb/299977/ --- more info on the same with some
ramifications shown
You can hide computers running file and print sharing from appearing in the
browse list [ net config server /hidden:yes|no ] and also hide shares by
naming them with a $ after the name though that is not foolproof either. In
my opinion your best bet is to not worry about it but to make sure that
users have access to only those shared resources they need by managing share
and folder permissions and user rights [access this computer from the
network] with the best practice of least user privilege. Windows Firewall
and ipsec policies can also be used to prevent access to computers for
specific services and both can be managed via Group Policy
You can also use access based enumeration on Windows 2003 servers so that
users can not see folders within a share unless they have read permission
for the folder.
Steve
http://www.windowsnetworking.com/articles_tutorials/Implementing-Access-Based-Enumeration-Windows-Server-2003.html
--- ABE
"WMB" <noreply@xxxxxxxxxxx> wrote in message
news:%23187O9SIIHA.1316@xxxxxxxxxxxxxxxxxxxxxxx
Hello there
Is there a way to stop Mac and PC users from Browsing all my computers in
my windows 2003r2 domain.?
.
- References:
- Stop Browsing for computers
- From: WMB
- Stop Browsing for computers
- Prev by Date: Re: Terminal Services Security Issue with Cached Credentials
- Next by Date: Re: Anonymous Access to Shared Folder
- Previous by thread: Stop Browsing for computers
- Index(es):
Relevant Pages
|
