Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1879
  • Last Modified:

Remove File & Printer Sharing (XP and 7) via Group Policy

Hi Experts,

I have 60 machines in an AD OU, and would like to via group policy, have file and printer sharing removed or disabled from the properties of the Local Area Connection on all of them (XP 32 bit and 7 x64 bit).  

Can this be accomplished via a Group Policy setting (where is it?) or do I need to push a script out to the machines to get this done (keep in mind that not all of the ethernet cards are locally called "Local Area Connection" on all of the machines).

Will need a script/policy for Windows XP (more important) but would be nice also to know what setting needs to be modified to do this with Windows 7.
0
taki1gostek
Asked:
taki1gostek
  • 4
  • 4
  • 3
  • +2
1 Solution
 
mattclarifiedCommented:
Hi,

You can use Group Policy computer configuration to disable the server service which
will effectively disable file and print sharing on those computers. However this will also disable the ability to remote manage those machines, but if this is not an issue, this will be your best option.

M@
0
 
ComtekCommented:
What you need to do is disable the Server service.

You can do this in Group Policy by going to: Computer Configuration --> Windows Settings --> Security Settings --> System Services. Double Click your Server Service, Check "Define this policy setting" and select Disabled.
0
 
mattclarifiedCommented:
You could also disable the option under Computer configuration > Admin templates > Network > Network connections > Windows firewall > Domain Profile > Windows Firewall: Allow inbound file and printer sharing exception. This should deny all file and print traffic requests coming in, so will not make a difference if file and print sharing is turned on or not.

M@
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
ComtekCommented:
Or do both.
0
 
taki1gostekAuthor Commented:
no what i really need is to uncheck file and printer sharing from the local area connection properties, because as machines were rolled out and migrated to this domain, the file and print sharing was unchecked locally by admins, but we need the ability to turn it on again and off (as needed for different apps) using group policy...  so i guess if I can get a way to turn file and printer sharing on (the checkbox next to it in the properties of the lan), the opposite will work for what I currently need...  
0
 
taki1gostekAuthor Commented:
i need the server service on because remote management is important
0
 
mattclarifiedCommented:
Hi,

There is no way to turn it on or off using group policy, I would suggest turning it on for all machines by using snetcfg.exe, take a look at this thread which will point you in the right direction - http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=125461&site_id=1#import

After you have enabled it for all machines, control it by using the firewall rules in group policy as I set out above

M@
0
 
ComtekCommented:
This can probably be done with Windows Scripting. I'm setting up an XP virtual machine right now to test it and will post back my results.
0
 
Adam BrownSr Solutions ArchitectCommented:
There isn't a default method for doing this through a GPO. However, it's possible to create a custom Administrative Template (ADM Templates) to configure the registry entries you need to modify to shut down File and Printer sharing without firewall configuration or shutting down services. The registry entries that need to be modified are here: http://www.pctools.com/guides/registry/detail/132

This is a guide for creating ADM templates: http://support.microsoft.com/kb/225087

Custom ADM templates work best on Windows 2003 and below. If you have Windows 2008 or Windows 7 with the Windows 2008 Remote Server Admin Tools installed on it, you can build a GPO that pushes the registry entries out using Group Policy Preferences. Info on that here: http://technet.microsoft.com/en-us/library/cc731892%28WS.10%29.aspx
There is also some information on handling ADMX templates (Windows 2008's ADM templates) in that section of Technet.
0
 
taki1gostekAuthor Commented:
Awesome thanks!
0
 
ComtekCommented:
Ok, this is the only thing I could come up with, and I tested that it works.

First, download snetcfg_wxp.exe from http://winpesoft.hp.infoseek.co.jp/winpe/arc/snetcfg_wxp.zip 

Then create a script that runs these commands:
snetcfg_wxp -u MS_Server
snetcfg_wxp -c s -i MS_Server

That will remove then reinstall the Server service. In the process it will automatically Check it in the network properties.

From then on if you need to enable/disable it you can is the firewall group policy setting or Server service setting in group policy as described above.
0
 
McKnifeCommented:
Also have a look at this thread - it's about configuring the firewall using a domain startup script and would hold a solution for you on the premise that ALL computers should share the same config. http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_Vista/Q_23558060.html
0
 
taki1gostekAuthor Commented:
Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

  • 4
  • 4
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now