Solved

Prevent Users Mapping to Network Drives in a XP Workgroup

Posted on 2010-09-09
5
837 Views
Last Modified: 2012-05-10
We have a workgroup where security has not been an issue until now.  A new PC has been added to the workgroup, it has two shared folders which the other PC's need to access.  This access has been setup and is all OK but I do not want the users on the new PC to be able to map to/view/delete folders on the existing PCs.
I cannot disable the guest account on the existing PC's as there is ESKO prepress software involved which is fairly specific in its requirements and has many shared folders across all existing PC's.

I thought if I could restrict access to the network for the new PC this may overcome the problem.
I have:
1.  Set NoNetDrives on HKEY_CURENT_SUER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polocies\Explorer. to 1.
2.  Cleared out the Map Network Drive MRU list in HKEY_CURENT_SUER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer.

Now the user cannot map to a network drive, cannot view the network via Network Neighbourhood.  But if they know the computer/fodler name they can map to it anyway.
Is there some way of preventing users from doing this?
0
Comment
Question by:purbrick
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 500 total points
ID: 33643747
0
 

Author Comment

by:purbrick
ID: 33643770
Wow, that will work.  Would also require some good documentation for down the track if the situation changed.  Would you recomend setting no access to net1.exe and net.exe or does this sound dangerous?
0
 

Author Comment

by:purbrick
ID: 33643781
Plus when it says no permissions - does that mean turning off all the allow options for the user under the security tab of the properties for the files mentioned.
0
 
LVL 7

Expert Comment

by:rsimsee
ID: 33643820
I'm assuming that since you are using a workgroup rather than a domain that you're not talking about a lot of users / pc's?

Why can't you just use NTFS / Share permissions to restrict access to the folders as you normally would?  I realize it's a little more complilcated to do in a workgroup, but as long as you define everyone's account on each machine, and each users password is consistent among all of the pc's, it essentially would let you control access to whatever resrouces you needed to, sort of like a poor man's domain...

0
 

Author Comment

by:purbrick
ID: 33643831
Yes it is a workgroup, a domain would be easy.  I know what you mean but dont want to as this would also require disabling the guest account, and their are some process PC's which are in German which I wouldnt even know where to begin (and not XP) , plus a RIP server which is very fussy about permissions I dont want to risk stopping the prepress from producing plates etc.
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question