Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Stopping user browsing and accessing shares

Posted on 2011-09-07
9
Medium Priority
?
359 Views
Last Modified: 2013-12-04
Hi,

I have a Windows 2008 r2 server that is being access over RDP. I don't want that user to be able to see or browse to any shares on my domain. They can have access to the Internet.

They are already in a deny list, but I don't want them browsing anywhere either. Is their a Group Policy that can do this?

Best wishes

Michael
0
Comment
Question by:proximityworld
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 6

Expert Comment

by:markterry
ID: 36497297
Can the machine that they are RDP'ing into be taken off the domain? that would be the easiest.

Otherwise it requires quite a bit of management, unless there is a policy or something like that I am not aware of.

Definitely, for simplicity (which is a requirement of good security) you should make that machine not part of the domain that they are RDP'ing into.
0
 
LVL 6

Expert Comment

by:markterry
ID: 36497320
Another possibility is only giving them access to one app. however, sometimes those apps let you browse the file system to open a file or whatever, and then they can browse the network if they know what they are doing and have domain access.
0
 
LVL 16

Expert Comment

by:Bryan Butler
ID: 36497614
To be clear, you want the user to see only the local drive folders?  Or some shares, but not all shares?  Would a local group policy work?

http://technet.microsoft.com/en-us/library/cc938757.aspx
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 1

Author Comment

by:proximityworld
ID: 36501766
The problem is I need them to log into the machine with a domain account so it had the strong password and expiration of the domain policy.

I was wondering if I could block smb via the firewall, but was worried that this would also stop the machine seeing sysvol and what issues that might cause.

Best wishes

Michael
0
 
LVL 56

Accepted Solution

by:
McKnife earned 2000 total points
ID: 36519247
0
 
LVL 1

Author Comment

by:proximityworld
ID: 36519781
That would seem to do the trick, but surely Microsoft has policy to deny a user/computer from browsing FROM a server rather than having to block it from other servers and having to configure the remote ends.

It would seem simpler to block the user from the machine they're on.

Best wishes

Michael
0
 
LVL 56

Expert Comment

by:McKnife
ID: 36519797
No, MS has not. Of course you can use firewall policies, yes, but those don't care what user is logged on.
0
 
LVL 1

Author Comment

by:proximityworld
ID: 36519821
I don't mind about blocking all users. I can easily change the firewall policy when I need to get on the server.


Cheers

Michael
0
 
LVL 56

Expert Comment

by:McKnife
ID: 36519852
I advise you to use the aforementioned policy. Use a GPO and it will be configured everywhere in a jiffy.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question