Solved

Prevent Users Mapping to Network Drives in a XP Workgroup

Posted on 2010-09-09
5
829 Views
Last Modified: 2012-05-10
We have a workgroup where security has not been an issue until now.  A new PC has been added to the workgroup, it has two shared folders which the other PC's need to access.  This access has been setup and is all OK but I do not want the users on the new PC to be able to map to/view/delete folders on the existing PCs.
I cannot disable the guest account on the existing PC's as there is ESKO prepress software involved which is fairly specific in its requirements and has many shared folders across all existing PC's.

I thought if I could restrict access to the network for the new PC this may overcome the problem.
I have:
1.  Set NoNetDrives on HKEY_CURENT_SUER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polocies\Explorer. to 1.
2.  Cleared out the Map Network Drive MRU list in HKEY_CURENT_SUER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer.

Now the user cannot map to a network drive, cannot view the network via Network Neighbourhood.  But if they know the computer/fodler name they can map to it anyway.
Is there some way of preventing users from doing this?
0
Comment
Question by:purbrick
  • 3
5 Comments
 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 500 total points
ID: 33643747
0
 

Author Comment

by:purbrick
ID: 33643770
Wow, that will work.  Would also require some good documentation for down the track if the situation changed.  Would you recomend setting no access to net1.exe and net.exe or does this sound dangerous?
0
 

Author Comment

by:purbrick
ID: 33643781
Plus when it says no permissions - does that mean turning off all the allow options for the user under the security tab of the properties for the files mentioned.
0
 
LVL 7

Expert Comment

by:rsimsee
ID: 33643820
I'm assuming that since you are using a workgroup rather than a domain that you're not talking about a lot of users / pc's?

Why can't you just use NTFS / Share permissions to restrict access to the folders as you normally would?  I realize it's a little more complilcated to do in a workgroup, but as long as you define everyone's account on each machine, and each users password is consistent among all of the pc's, it essentially would let you control access to whatever resrouces you needed to, sort of like a poor man's domain...

0
 

Author Comment

by:purbrick
ID: 33643831
Yes it is a workgroup, a domain would be easy.  I know what you mean but dont want to as this would also require disabling the guest account, and their are some process PC's which are in German which I wouldnt even know where to begin (and not XP) , plus a RIP server which is very fussy about permissions I dont want to risk stopping the prepress from producing plates etc.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question