I want to restrict a user from seeing other computers on the network windows 2003 server

Novice in networking.

The server runs Windows 2003. It is not on the domain (it is in WORKGROUP). The server is set up to be accessible from the outside world using an initial Cisco VPN client connection.
I have created local users (on the server) within the Users group (and the Remote Users group too) so they can then RDC in to the server.
Now I want to do the following:
1. When the user opens Windows Explorer (or anything similar) they must NOT see or be able to search for and find any other computer on the network.
2. The users must NOT be able to run a remote desktop session to any other computer on the network.

Currently this is possible; however, of course they must know a valid login and password to access any other computer. But I want them not to "see" the computers in the first place.

Any help is appreciated.
indikad Asked:
 
accrain Commented:
I would just remove them from the workgroup completely, or change the workgroup that they belong to. Since you are not running a domain, it is more difficult to control access to the network. Also, you could disable "Client for Microsoft Networks" in their network connection settings. They will no longer be able to connect with any network until that is re-enabled.
0
 
mcse2007 Commented:
0
 
indikad (Author) Commented:
The solution from mcse2007: this is to "Hide a Windows 2000-Based Computer from the Browser List".

I need this to be the other way around: I want other PCs and servers not to be visible to this one. I cannot apply the above solution to all other servers, since they need to be accessed by other authorised users. Correct me if I've got things mixed up.

The solution from accrain: can you pls elaborate on this? How do I remove them from the workgroup or change the workgroup? The name WORKGROUP is what the installation defaulted to.
<<Also you could disable "Client for Microsoft Networks" in their network connection settings.>>
How do I do this pls?
0

 
accrain Commented:
This will remove them from the network completely. No one can view that machine and vice versa. Go to Start >>Settings >> Control Panel >> Network Connections >> right click on the network connection that is being used to connect to the network and go to Properties. >> uncheck the box that is next to 'Client for Microsoft Networks' and might as well uncheck  'File and Printer Sharing for Microsoft Networks' for good measure. Click on OK and restart the computer. Hope this helps.
0
 
indikad (Author) Commented:
Would this also shut the server away from other authorised users?
There are other legitimate users who must be able to see this server from the network.
0
 
accrain Commented:
This will shut down access to any network resource to and from that computer. If there are other users that use this machine then they will also lose access.
0
 
indikad (Author) Commented:
Thanks for the interest taken to answer this, but none of this helps me, since I still want the other users to have access and have only some users denied access.
0
 
accrain Commented:
If you need to block access to the network for some users and allow it for others, you will need to set up a domain. With a workgroup there would be no way to accomplish this. Here is a step-by-step walkthrough of how to set up Active Directory: http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm
0
 
SteveH_UK Commented:
You could consider moving this server into a DMZ.  Then, on your firewall, you block all access from this server to your network.

This approach does not require Active Directory, DHCP, DNS, etc., but it may require a better firewall configuration.

Am I right in thinking that you want to allow access to this server alone, or does this server need access to internal network services such as Exchange?

Moving this server into a DMZ is still your best bet, though. Active Directory is good, but does not meet your security needs, and you should have a minimum of 2 AD servers for resiliency.
0
 
accrain Commented:
Moving the server to a DMZ will open it to several vulnerabilities as it will not be protected by the hardware firewall. I would not recommend this solution due to the SEVERE security threat. Also, AD can be utilized without having to use the server as DNS or DHCP if the gateway address is pointed to the router.

AD is much more secure considering it's using the hardware firewall that is built into the router that you are using and also requires more authentication than even the workgroup that is currently configured. This approach would be easier to configure but much less secure.
0
 
accrain Commented:
By "This approach" I am talking about the proposed fix by SteveH, not Active Directory. Hope this helps.
0
 
SteveH_UK Commented:
accrain: I think you misunderstood me. There is no reason why a DMZ shouldn't be protected by a firewall. I am not suggesting a home-user type DMZ that really isn't a DMZ at all.

I am talking about the logical separation of a network into three areas:  Internet, DMZ, Internal.  All of which are controlled by a decent firewall.  This is called a three-leg configuration and is standard.

Most hosters and enterprise organisations use this configuration to some degree or other.
0
 
SteveH_UK Commented:
This can normally be achieved with a single firewall which has a minimum of three network interfaces.
0
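The three-leg layout described in the comments above, modelled as a first-match firewall rule table (an added example, not part of the thread; the subnets, host addresses and rule set are constructed assumptions). Because the rules match addresses, the block applies to every user logged on to the server, not to selected accounts.

```python
import ipaddress

# Constructed addressing for the three legs; none of it is from the thread.
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("10.0.1.0/24"),   # the RDP server lives here
    "vpn": ipaddress.ip_network("10.0.2.0/24"),   # VPN client pool
}
RDP, SMB, NETBIOS = 3389, 445, 139

# Connection-initiation rules, first match wins: (src zone, dst zone, port, action).
# port None matches any port. Replies to allowed connections are assumed to be
# permitted by a stateful firewall and are not modelled.
RULES = [
    ("vpn", "dmz", RDP, "allow"),        # remote users reach the server
    ("internal", "dmz", RDP, "allow"),   # authorised LAN users still reach it
    ("internal", "dmz", SMB, "allow"),
    ("dmz", "internal", None, "deny"),   # server may not start sessions inward
]

def zone_of(addr):
    """Map an address to its zone; anything unknown is the Internet leg."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def decide(src, dst, port, rules=RULES):
    """Return 'allow' or 'deny' for a new connection; default is deny."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for r_src, r_dst, r_port, action in rules:
        if (r_src, r_dst) == (src_zone, dst_zone) and r_port in (None, port):
            return action
    return "deny"

def leaks(rules=RULES, server="10.0.1.10", lan_host="10.0.0.20"):
    """Ports on which the DMZ server could still open a session to the LAN."""
    return [p for p in (RDP, SMB, NETBIOS)
            if decide(server, lan_host, p, rules) == "allow"]

if __name__ == "__main__":
    print(decide("10.0.2.5", "10.0.1.10", RDP))    # VPN user to server
    print(decide("10.0.1.10", "10.0.0.20", RDP))   # server to LAN host
    print(leaks())                                 # audit of the rule set
```

Running `leaks()` against a modified rule list is a quick way to catch a broad allow rule placed ahead of the DMZ-to-internal deny.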
 
indikad (Author) Commented:
Even though I did not receive a solution for my issue, I have learned a few tips from this exercise. Thanks.
0
Question has a verified solution.
