• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 848
  • Last Modified:

Prevent Users Mapping to Network Drives in a XP Workgroup

We have a workgroup where security has not been an issue until now.  A new PC has been added to the workgroup, it has two shared folders which the other PC's need to access.  This access has been setup and is all OK but I do not want the users on the new PC to be able to map to/view/delete folders on the existing PCs.
I cannot disable the guest account on the existing PC's as there is ESKO prepress software involved which is fairly specific in its requirements and has many shared folders across all existing PC's.

I thought if I could restrict access to the network for the new PC this may overcome the problem.
I have:
1.  Set NoNetDrives on HKEY_CURENT_SUER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polocies\Explorer. to 1.
2.  Cleared out the Map Network Drive MRU list in HKEY_CURENT_SUER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer.

Now the user cannot map to a network drive, cannot view the network via Network Neighbourhood.  But if they know the computer/fodler name they can map to it anyway.
Is there some way of preventing users from doing this?
0
Jenny Coulthard
Asked:
Jenny Coulthard
  • 3
1 Solution
 
Jenny CoulthardIT ManagerAuthor Commented:
Wow, that will work.  Would also require some good documentation for down the track if the situation changed.  Would you recomend setting no access to net1.exe and net.exe or does this sound dangerous?
0
 
Jenny CoulthardIT ManagerAuthor Commented:
Plus when it says no permissions - does that mean turning off all the allow options for the user under the security tab of the properties for the files mentioned.
0
 
rsimseeCommented:
I'm assuming that since you are using a workgroup rather than a domain that you're not talking about a lot of users / pc's?

Why can't you just use NTFS / Share permissions to restrict access to the folders as you normally would?  I realize it's a little more complilcated to do in a workgroup, but as long as you define everyone's account on each machine, and each users password is consistent among all of the pc's, it essentially would let you control access to whatever resrouces you needed to, sort of like a poor man's domain...

0
 
Jenny CoulthardIT ManagerAuthor Commented:
Yes it is a workgroup, a domain would be easy.  I know what you mean but dont want to as this would also require disabling the guest account, and their are some process PC's which are in German which I wouldnt even know where to begin (and not XP) , plus a RIP server which is very fussy about permissions I dont want to risk stopping the prepress from producing plates etc.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now