You mention you are operating in a Windows 2000 environment with 1 domain. Therefore I assume you are using Active Directory.
Have you looked at what Group Policies you may be able to enforce to block this non authenticated machine from browsing to known shares.
I believe you can do this by user but I would have to look into whether its possible by machine account as well. I forget where the policy is located but there is one I remember that blocks user accounts from browsing local neighbourhood etc.
I'll have a look on 4 Jan when I get into work for the relevant policy. I believe you should also be able to deny any machine accounts from browsing to shared folders.
I have looked at the Group Policy options and found a couple but they only work once someone is part of the domain.
But an alternative question comes to mind - how about going to the known shares and changing the share options?
For example go to the properties of the shared folder and add authenticated users as a group allowed to access the share, set the rights as you desire and then remove the everyone group if its there. I would recommend doing this via the Computer Management GUI rather than through Windows Explorer.
I have tested this briefly and it appears this means the user cannot access the share unless they log on to the domain, thus becoming an authenticated user.
You can then use group policies to limit what they can and cannot map to or access.
You would also need to make sure that the offender did not know how to access the administrative shares (Admin$, C$ D$ etc, IPC$ and others) on the machine hosting the shares. If they did know how to access these admin shares and they were part of the administrator, backup operators, or server operators group then they will have the rights to access the share. Therefore the only other technical option may be to delete the admin shares (but this may break some functionality so approach this with caution).
Hope this helps and let us know how it goes or if you need more help.