Solved

I want to restrict a user from seeing other computers on the network windows 2003 server

Posted on 2007-11-20
14
287 Views
Last Modified: 2010-04-21
Novice in networking.
I want to restrict a user from seeing other computers on the network (Windows 2003 server).

The server runs Windows 2003. It is not on the domain (it is in WORKGROUP). The server is set up to be accessible from the outside world using an initial Cisco VPN client connection.
I have created local users (on the server) within the users group (and the remote users group too) so they can then RDC in to the server.
Now I want to do the following:
1. When the user opens Windows Explorer (or anything similar), they must NOT see or be able to search for and find any other computer on the network.
2. The users must NOT be able to run a remote desktop session to any other computer on the network.

Currently this is possible; however, of course, they must know a valid login and password to access any other computer. But I want them not to "see" the computers in the first place.

Any help is appreciated.
Question by:indikad
14 Comments
 
LVL 7

Assisted Solution

by:mcse2007
mcse2007 earned 50 total points
ID: 20325848
0
 
LVL 2

Accepted Solution

by:
accrain earned 100 total points
ID: 20326007
I would just remove them from the workgroup completely, or change the workgroup that they belong to. Since you are not running a domain, it is more difficult to control access to the network. Also you could disable "Client for Microsoft Networks" in their network connection settings. They will no longer be able to connect with any network until that is re-enabled.
0
 

Author Comment

by:indikad
ID: 20332028
The solution from mcse2007: This is to "Hide a Windows 2000-Based Computer from the Browser List".

I need this to be the other way around; I want other PCs and servers not to be visible to this one. I cannot apply the above solution to all other servers, since they need to be accessed by other authorised users. Correct me if I've got things mixed up.

The solution from accrain: can you please elaborate on this? How do I remove them from the workgroup or change the workgroup? The name WORKGROUP is what the installation defaulted to.
<<Also you could disable "Client for Microsoft Networks" in their network connection settings.>>
How do I do this, please?
0

 
LVL 2

Expert Comment

by:accrain
ID: 20332138
This will remove them from the network completely. No one can view that machine and vice versa. Go to Start >>Settings >> Control Panel >> Network Connections >> right click on the network connection that is being used to connect to the network and go to Properties. >> uncheck the box that is next to 'Client for Microsoft Networks' and might as well uncheck  'File and Printer Sharing for Microsoft Networks' for good measure. Click on OK and restart the computer. Hope this helps.
0
 

Author Comment

by:indikad
ID: 20332210
Would this also shut the server away from other authorised users?
There are other legitimate users who must be able to see this server from the network.
0
 
LVL 2

Expert Comment

by:accrain
ID: 20333238
This will shut down access to any network resource to and from that computer. If there are other users that use this machine then they will also lose access.
0
 

Author Comment

by:indikad
ID: 20336837
Thanks for the interest taken to answer this, but none of this helps me, since I still want the other users to have access and have only some users denied access.
0
 
LVL 2

Expert Comment

by:accrain
ID: 20337137
If you need to block access to the network for some users and allow it for others you will need to set up a domain. With a workgroup there would be no way to accomplish this. Here is a step-by-step walkthrough of how to set up Active Directory: http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20337579
You could consider moving this server into a DMZ.  Then, on your firewall, you block all access from this server to your network.

This approach does not require Active Directory, DHCP, DNS, etc., but it may require a better firewall configuration.

Am I right in thinking that you want to allow access to this server alone, or does this server need access to internal network services such as Exchange?

Moving this server into a DMZ is still your best bet, though.  Active Directory is good, but does not meet your security needs, and you should have a minimum of 2 AD servers for resiliency.
0
 
LVL 2

Expert Comment

by:accrain
ID: 20337725
Moving the server to a DMZ will open it to several vulnerabilities as it will not be protected by the hardware firewall. I would not recommend this solution due to the SEVERE security threat. Also, AD can be utilized without having to use the server as DNS or DHCP if the gateway address is pointed to the router.

AD is much more secure considering it's using the hardware firewall that is built into the router that you are using and also requires more authentication than even the workgroup that is currently configured. This approach would be easier to configure but much less secure.
0
 
LVL 2

Expert Comment

by:accrain
ID: 20337732
By "This approach" I am talking about the proposed fix by SteveH, not Active Directory. Hope this helps.
0
 
LVL 19

Assisted Solution

by:SteveH_UK
SteveH_UK earned 50 total points
ID: 20337824
accrain:  I think you misunderstood me.  There is no reason why a DMZ shouldn't be protected by a firewall.  I am not suggesting a home-user type DMZ that really isn't a DMZ at all.

I am talking about the logical separation of a network into three areas:  Internet, DMZ, Internal.  All of which are controlled by a decent firewall.  This is called a three-leg configuration and is standard.

Most hosters and enterprise organisations use this configuration to some degree or other.
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20337825
This can normally be achieved with a single firewall which has a minimum of three network interfaces.
0
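The three-leg layout SteveH_UK describes above, modelled as an added example (not part of the thread or any poster's configuration): a first-match, default-deny policy in which the RDP server sits on the DMZ leg and cannot open connections to the internal leg. All subnets, addresses, the separate VPN pool and the rule set are constructed assumptions.

```python
import ipaddress

# Constructed addressing: the thread names no subnets or firewall product.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/28"),       # leg holding the RDP server
    "internal": ipaddress.ip_network("10.10.0.0/16"),  # leg holding the other PCs and servers
    "vpn": ipaddress.ip_network("172.16.50.0/24"),     # assumed pool handed to VPN clients
}
RDP_SERVER = ipaddress.ip_address("192.0.2.10")

# Ordered rules: (source zone, destination zone, destination host or None, ports or None, action)
RULES = [
    ("vpn", "dmz", RDP_SERVER, {3389}, "allow"),            # remote users RDP to the server
    ("internal", "dmz", RDP_SERVER, {3389, 445}, "allow"),  # authorised staff still reach it
    ("dmz", "internal", None, None, "deny"),                # server cannot browse or RDP inward
    ("vpn", "internal", None, None, "deny"),                # VPN users get the DMZ server only
]

def zone_of(addr):
    """Map an address to its firewall leg; anything unknown is the Internet leg."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def decide(src, dst, port):
    """First matching rule wins; traffic that no rule mentions is denied."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for r_src, r_dst, r_host, r_ports, action in RULES:
        if (r_src, r_dst) != (src_zone, dst_zone):
            continue
        if r_host is not None and ipaddress.ip_address(dst) != r_host:
            continue
        if r_ports is not None and port not in r_ports:
            continue
        return action
    return "deny"

def server_can_reach_internal(ports=(137, 139, 445, 3389)):
    """NetBIOS/SMB/RDP ports on which the server could reach a sample internal host."""
    return [p for p in ports if decide(str(RDP_SERVER), "10.10.4.20", p) == "allow"]

if __name__ == "__main__":
    print("vpn -> server RDP:", decide("172.16.50.7", "192.0.2.10", 3389))
    print("internal -> server SMB:", decide("10.10.4.20", "192.0.2.10", 445))
    print("server -> internal, open ports:", server_can_reach_internal())
```

The policy is per host: the firewall sees the server's address, not which logged-on user opened the connection, so the block applies to every session on that server.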
 

Author Closing Comment

by:indikad
ID: 31410301
Even though I did not receive a solution for my issue, I have learned a few tips from this exercise. Thanks.
0
