[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1867
  • Last Modified:

Remove File & Printer Sharing (XP and 7) via Group Policy

Hi Experts,

I have 60 machines in an AD OU, and would like to via group policy, have file and printer sharing removed or disabled from the properties of the Local Area Connection on all of them (XP 32 bit and 7 x64 bit).  

Can this be accomplished via a Group Policy setting (where is it?) or do I need to push a script out to the machines to get this done (keep in mind that not all of the ethernet cards are locally called "Local Area Connection" on all of the machines).

Will need a script/policy for Windows XP (more important) but would be nice also to know what setting needs to be modified to do this with Windows 7.
0
taki1gostek
Asked:
taki1gostek
  • 4
  • 4
  • 3
  • +2
1 Solution
 
mattclarifiedCommented:
Hi,

You can use Group Policy computer configuration to disable the server service which
will effectively disable file and print sharing on those computers. However this will also disable the ability to remote manage those machines, but if this is not an issue, this will be your best option.

M@
0
 
ComtekCommented:
What you need to do is disable the Server service.

You can do this in Group Policy by going to: Computer Configuration --> Windows Settings --> Security Settings --> System Services. Double Click your Server Service, Check "Define this policy setting" and select Disabled.
0
 
mattclarifiedCommented:
You could also disable the option under Computer configuration > Admin templates > Network > Network connections > Windows firewall > Domain Profile > Windows Firewall: Allow inbound file and printer sharing exception. This should deny all file and print traffic requests coming in, so will not make a difference if file and print sharing is turned on or not.

M@
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
ComtekCommented:
Or do both.
0
 
taki1gostekAuthor Commented:
no what i really need is to uncheck file and printer sharing from the local area connection properties, because as machines were rolled out and migrated to this domain, the file and print sharing was unchecked locally by admins, but we need the ability to turn it on again and off (as needed for different apps) using group policy...  so i guess if I can get a way to turn file and printer sharing on (the checkbox next to it in the properties of the lan), the opposite will work for what I currently need...  
0
 
taki1gostekAuthor Commented:
i need the server service on because remote management is important
0
 
mattclarifiedCommented:
Hi,

There is no way to turn it on or off using group policy, I would suggest turning it on for all machines by using snetcfg.exe, take a look at this thread which will point you in the right direction - http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=125461&site_id=1#import

After you have enabled it for all machines, control it by using the firewall rules in group policy as I set out above

M@
0
 
ComtekCommented:
This can probably be done with Windows Scripting. I'm setting up an XP virtual machine right now to test it and will post back my results.
0
 
Adam BrownSr Solutions ArchitectCommented:
There isn't a default method for doing this through a GPO. However, it's possible to create a custom Administrative Template (ADM Templates) to configure the registry entries you need to modify to shut down File and Printer sharing without firewall configuration or shutting down services. The registry entries that need to be modified are here: http://www.pctools.com/guides/registry/detail/132

This is a guide for creating ADM templates: http://support.microsoft.com/kb/225087

Custom ADM templates work best on Windows 2003 and below. If you have Windows 2008 or Windows 7 with the Windows 2008 Remote Server Admin Tools installed on it, you can build a GPO that pushes the registry entries out using Group Policy Preferences. Info on that here: http://technet.microsoft.com/en-us/library/cc731892%28WS.10%29.aspx
There is also some information on handling ADMX templates (Windows 2008's ADM templates) in that section of Technet.
0
 
taki1gostekAuthor Commented:
Awesome thanks!
0
 
ComtekCommented:
Ok, this is the only thing I could come up with, and I tested that it works.

First, download snetcfg_wxp.exe from http://winpesoft.hp.infoseek.co.jp/winpe/arc/snetcfg_wxp.zip 

Then create a script that runs these commands:
snetcfg_wxp -u MS_Server
snetcfg_wxp -c s -i MS_Server

That will remove then reinstall the Server service. In the process it will automatically Check it in the network properties.

From then on if you need to enable/disable it you can is the firewall group policy setting or Server service setting in group policy as described above.
0
 
McKnifeCommented:
Also have a look at this thread - it's about configuring the firewall using a domain startup script and would hold a solution for you on the premise that ALL computers should share the same config. http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_Vista/Q_23558060.html
0
 
taki1gostekAuthor Commented:
Thanks
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 4
  • 4
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now