Solved

I want to restrict a user from seeing other computers on the network windows 2003 server

Posted on 2007-11-20
Last Modified: 2010-04-21
Novice in networking.
I want to restrict a user from seeing other computers on the network (Windows 2003 server).

The server runs Windows 2003. It is not on the domain (it is in WORKGROUP). The server is set up to be accessible from the outside world using an initial Cisco VPN client connection.
I have created local users (on the server) within the users group (and remote users group too) so they can then RDC in to the server.
Now I want to do the following:
1. When the user opens Windows Explorer (or anything similar), they must NOT see or be able to search for and find any other computer on the network.
2. The users must NOT be able to run a remote desktop session to any other computer on the network.

Currently this is possible; however, of course, they must know a valid login and password to access any other computer. But I want them not to "see" the computers in the first place.

Any help is appreciated.
Question by:indikad
14 Comments
 
LVL 7

Assisted Solution

by:mcse2007
mcse2007 earned 50 total points
ID: 20325848
0
 
LVL 2

Accepted Solution

by:
accrain earned 100 total points
ID: 20326007
I would just remove them from the workgroup completely, or change the workgroup that they belong to. Since you are not running a domain, it is more difficult to control access to the network. Also you could disable "Client for Microsoft Networks" in their network connection settings. They will no longer be able to connect with any network until that is re-enabled.
0
 

Author Comment

by:indikad
ID: 20332028
The solution from mcse2007: this is to "Hide a Windows 2000-Based Computer from the Browser List".

I need this to be the other way around; I want other PCs and servers not to be visible to this one. I cannot apply the above solution to all other servers, since they need to be accessed by other authorised users. Correct me if I've got things mixed up.

The solution from accrain: can you please elaborate on this? How do I remove them from the workgroup or change the workgroup? The name WORKGROUP is what the installation defaulted to.
<<Also you could disable "Client for Microsoft Networks" in their network connection settings.>>
How do I do this, please?
0
 
LVL 2

Expert Comment

by:accrain
ID: 20332138
This will remove them from the network completely. No one can view that machine and vice versa. Go to Start >> Settings >> Control Panel >> Network Connections >> right-click on the network connection that is being used to connect to the network and go to Properties >> uncheck the box that is next to 'Client for Microsoft Networks', and you might as well uncheck 'File and Printer Sharing for Microsoft Networks' for good measure. Click on OK and restart the computer. Hope this helps.
0
 

Author Comment

by:indikad
ID: 20332210
would this also shut the server away for other authorised users ?
There are other legitimate users who must be able to see this server from the network.
0
 
LVL 2

Expert Comment

by:accrain
ID: 20333238
This will shut down access to any network resource to and from that computer. If there are other users that use this machine then they will also lose access.
0
 

Author Comment

by:indikad
ID: 20336837
Thanks for the interest taken to answer this, but none of this helps me, since I still want the other users to have access and have only some users denied access.
0

 
LVL 2

Expert Comment

by:accrain
ID: 20337137
If you need to block access to the network for some users and allow it for others, you will need to set up a domain. With a workgroup there would be no way to accomplish this. Here is a step-by-step walkthrough of how to set up Active Directory: http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20337579
You could consider moving this server into a DMZ.  Then, on your firewall, you block all access from this server to your network.

This approach does not require Active Directory, DHCP, DNS, etc., but it may require a better firewall configuration.

Am I right in thinking that you want to allow access to this server alone, or does this server need access to internal network services such as Exchange?

Moving this server into a DMZ is still your best bet, though.  Active Directory is good, but does not meet your security needs, and you should have a minimum of 2 AD servers for resiliency.
0
 
LVL 2

Expert Comment

by:accrain
ID: 20337725
Moving the server to a DMZ will open it to several vulnerabilities as it will not be protected by the hardware firewall. I would not recommend this solution due to the SEVERE security threat. Also, AD can be utilized without having to use the server as DNS or DHCP if the gateway address is pointed to the router.

AD is much more secure considering it's using the hardware firewall that is built into the router that you are using and also requires more authentication than even the workgroup that is currently configured. This approach would be easier to configure but much less secure.
0
 
LVL 2

Expert Comment

by:accrain
ID: 20337732
By "This approach" I am talking about the proposed fix by SteveH, not Active Directory. Hope this helps.
0
 
LVL 19

Assisted Solution

by:SteveH_UK
SteveH_UK earned 50 total points
ID: 20337824
accrain:  I think you misunderstood me.  There is no reason why a DMZ shouldn't be protected by a firewall.  I am not suggesting a home-user type DMZ that really isn't a DMZ at all.

I am talking about the logical separation of a network into three areas:  Internet, DMZ, Internal.  All of which are controlled by a decent firewall.  This is called a three-leg configuration and is standard.

Most hosters and enterprise organisations use this configuration to some degree or other.
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20337825
This can normally be achieved with a single firewall which has a minimum of three network interfaces.
0
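The three-leg layout described in the two comments above, modelled as an added example (not part of the thread and not any poster's configuration). The subnets, the server address, and the rule format are constructed assumptions; remote users are assumed to arrive on the Internet leg after the VPN connection.

```python
import ipaddress

# Constructed addressing for the Internal and DMZ legs (assumptions, not from the thread).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("10.0.1.0/24"),
}
TS = "10.0.1.10"  # hypothetical address of the terminal server placed in the DMZ

# First-match rules for NEW connections only; replies to allowed connections are
# assumed to be passed by the firewall's stateful inspection.
# Fields: (action, source zone, destination zone, destination host or None, TCP port or None)
RULES = [
    ("allow", "internet", "dmz", TS, 3389),    # remote users may RDP to the server
    ("allow", "internal", "dmz", TS, None),    # authorised internal users still reach it
    ("deny", "dmz", "internal", None, None),   # server cannot browse or RDP inward
]

def zone_of(ip):
    """Map an address to its leg; anything outside the known subnets is Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def decide(src, dst, port, rules=RULES):
    """Return 'allow' or 'deny' for a new TCP connection, first match wins."""
    sz, dz = zone_of(src), zone_of(dst)
    for action, rs, rd, host, rport in rules:
        if (rs, rd) == (sz, dz) and host in (None, dst) and rport in (None, port):
            return action
    return "deny"  # default deny when nothing matches

def dmz_leaks(rules):
    """Indexes of rules that let a DMZ host open a connection to the internal leg."""
    leaks = []
    for index, (action, src, dst, host, port) in enumerate(rules):
        if (src, dst) != ("dmz", "internal"):
            continue
        if action == "allow":
            leaks.append(index)
        elif host is None and port is None:
            break  # blanket deny reached: later rules for this pair never match
    return leaks
```

Running `dmz_leaks` over a rule list before deploying it catches an allow rule that was placed ahead of the blanket DMZ-to-Internal deny.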
 

Author Closing Comment

by:indikad
ID: 31410301
Even though I did not receive a solution for my issue, I have learned a few tips from this exercise. Thanks.
0
