Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: LAN access

Re: LAN access 14 years 1 week ago #6555

You mention you are operating in a Windows 2000 environment with 1 domain. Therefore I assume you are using Active Directory.

Have you looked at what Group Policies you may be able to enforce to block this non authenticated machine from browsing to known shares.

I believe you can do this by user but I would have to look into whether its possible by machine account as well. I forget where the policy is located but there is one I remember that blocks user accounts from browsing local neighbourhood etc.

I'll have a look on 4 Jan when I get into work for the relevant policy. I believe you should also be able to deny any machine accounts from browsing to shared folders.

I'll post on 4 Jan GMT

Re: LAN access 14 years 1 week ago #6581

I have looked at the Group Policy options and found a couple but they only work once someone is part of the domain.

But an alternative question comes to mind - how about going to the known shares and changing the share options?

For example go to the properties of the shared folder and add authenticated users as a group allowed to access the share, set the rights as you desire and then remove the everyone group if its there. I would recommend doing this via the Computer Management GUI rather than through Windows Explorer.

I have tested this briefly and it appears this means the user cannot access the share unless they log on to the domain, thus becoming an authenticated user.

You can then use group policies to limit what they can and cannot map to or access.

You would also need to make sure that the offender did not know how to access the administrative shares (Admin$, C$ D$ etc, IPC$ and others) on the machine hosting the shares. If they did know how to access these admin shares and they were part of the administrator, backup operators, or server operators group then they will have the rights to access the share. Therefore the only other technical option may be to delete the admin shares (but this may break some functionality so approach this with caution).

Hope this helps and let us know how it goes or if you need more help.
  • Page:
  • 1
  • 2
Time to create page: 0.146 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup