  • Status: Solved
  • Priority: Medium
  • Security: Public

I want to restrict a user from seeing other computers on the network (Windows 2003 server)

Novice in networking.
I want to restrict a user from seeing other computers on the network (Windows 2003 server).

The server runs Windows 2003. It is not on the domain (it is in WORKGROUP). The server is set up to be accessible from the outside world using an initial Cisco VPN client connection.
I have created local users (in the server) within the users group (and the remote users group too) so they can then RDC in to the server.
Now I want to do the following:
1. When the user opens Windows Explorer (or anything similar) they must NOT see or be able to search and find any other computer on the network.
2. The users must NOT be able to run a remote desktop session to any other computer on the network.

Currently this is possible; however, of course they must know a valid login and password to access any other computer. But I want them not to "see" the computers in the first place.

Any help is appreciated.
Asked by: indikad
3 Solutions
 
mcse2007 Commented:

accrain Commented:
I would just remove them from the workgroup completely, or change the workgroup that they belong to. Since you are not running a domain, it is more difficult to control access to the network. Also you could disable "Client for Microsoft Networks" in their network connection settings. They will no longer be able to connect with any network until that is re-enabled.

indikad (Author) Commented:
The solution from mcse2007: This is to "Hide a Windows 2000-Based Computer from the Browser List".

I need this to be the other way around; I want other PCs and servers not to be visible to this one. I cannot apply the above solution to all other servers, since they need to be accessed by other authorised users. Correct me if I've got things mixed up.

The solution from accrain: can you pls elaborate on this? How do I remove them from the workgroup or change the workgroup? The name workgroup is what the installation defaulted to.
<<Also you could disable "Client for Microsoft Networks" in their network connection settings.>>
How do I do this pls?
 
accrain Commented:
This will remove them from the network completely. No one can view that machine and vice versa. Go to Start >> Settings >> Control Panel >> Network Connections >> right-click on the network connection that is being used to connect to the network and go to Properties >> uncheck the box that is next to 'Client for Microsoft Networks' and might as well uncheck 'File and Printer Sharing for Microsoft Networks' for good measure. Click on OK and restart the computer. Hope this helps.

indikad (Author) Commented:
Would this also shut the server away for other authorised users?
There are other legitimate users who must be able to see this server from the network.

accrain Commented:
This will shut down access to any network resource to and from that computer. If there are other users that use this machine then they will also lose access.

indikad (Author) Commented:
Thanks for the interest taken to answer this, but none of this helps me, since I still want the other users to have access and have only some users denied access.

accrain Commented:
If you need to block access to the network for some users and allow it for others you will need to set up a domain. With a workgroup there would be no way to accomplish this. Here is a step-by-step walkthrough of how to set up Active Directory: http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm

SteveH_UK Commented:
You could consider moving this server into a DMZ.  Then, on your firewall, you block all access from this server to your network.

This approach does not require Active Directory, DHCP, DNS, etc., but it may require a better firewall configuration.

Am I right in thinking that you want to allow access to this server alone, or does this server need access to internal network services such as Exchange?

Moving this server into a DMZ is still your best bet, though.  Active Directory is good, but does not meet your security needs, and you should have a minimum of 2 AD servers for resiliency.

accrain Commented:
Moving the server to a DMZ will open it to several vulnerabilities as it will not be protected by the hardware firewall. I would not recommend this solution due to the SEVERE security threat. Also, AD can be utilized without having to use the server as DNS or DHCP if the gateway address is pointed to the router.

AD is much more secure considering it's using the hardware firewall that is built into the router that you are using and also requires more authentication than even the workgroup that is currently configured. This approach would be easier to configure but much less secure.

accrain Commented:
By "This approach" I am talking about the proposed fix by SteveH, not Active Directory. Hope this helps.

SteveH_UK Commented:
accrain:  I think you misunderstood me.  There is no reason why a DMZ shouldn't be protected by a firewall.  I am not suggesting a home-user type DMZ that really isn't a DMZ at all.

I am talking about the logical separation of a network into three areas:  Internet, DMZ, Internal.  All of which are controlled by a decent firewall.  This is called a three-leg configuration and is standard.

Most hosters and enterprise organisations use this configuration to some degree or other.

SteveH_UK Commented:
This can normally be achieved with a single firewall which has a minimum of three network interfaces.
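
The three-leg layout SteveH_UK describes, as an added example that is not part of any post in this thread: a first-match zone policy with the Windows 2003 server placed in the DMZ. All subnets, the VPN pool, the server address and the rule set are constructed assumptions; the thread names no firewall product or addressing.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption; the thread gives no subnets).
ZONES = {
    "internal": ip_network("192.168.1.0/24"),
    "dmz": ip_network("192.168.50.0/24"),
    "vpn": ip_network("10.99.0.0/24"),   # Cisco VPN client address pool
}
TS = ip_address("192.168.50.10")         # the Windows 2003 server, moved to the DMZ
RDP = 3389

# (action, source, destination, port); port None means any. First match wins.
# A stateful firewall is assumed, so replies to allowed sessions pass.
RULES = [
    ("allow", "vpn", TS, RDP),           # remote users reach the server
    ("allow", "internal", TS, RDP),      # authorised internal users still reach it
    ("deny", "dmz", "internal", None),   # server cannot browse (137-139, 445) or RDP inward
]

def zone_of(addr):
    """Name of the zone holding addr; anything unlisted is the Internet leg."""
    return next((n for n, net in ZONES.items() if addr in net), "internet")

def matches(selector, addr):
    """A selector is either a zone name or a single host address."""
    if isinstance(selector, str):
        return zone_of(addr) == selector
    return addr == selector

def decide(src, dst, port):
    s, d = ip_address(src), ip_address(dst)
    if zone_of(s) == zone_of(d) and zone_of(s) != "internet":
        return "local"   # same segment: the firewall never sees this traffic
    for action, rsrc, rdst, rport in RULES:
        if matches(rsrc, s) and matches(rdst, d) and rport in (None, port):
            return action
    return "deny"        # default deny for everything not listed

def inward_exposure(host, ports=(137, 138, 139, 445, RDP)):
    """Ports on an internal host that sessions on the DMZ server can open."""
    return [p for p in ports if decide(str(TS), host, p) == "allow"]

if __name__ == "__main__":
    print(decide("10.99.0.5", str(TS), RDP))            # VPN user to the server
    print(inward_exposure("192.168.1.20"))              # what the server can reach inside
    print(decide("192.168.1.20", "192.168.1.30", 445))  # why the server must leave the LAN
```

The policy is keyed on the server's source address, so it applies to every account logged on to that server rather than to selected users.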
 
indikad (Author) Commented:
Even though I did not receive a solution for my issue, I have learned a few tips from this exercise. Thanks.