We help IT Professionals succeed at work.

Guest access to Internet but not to shared folder

I have a home network which is fully wired.... no wireless.  Is there a way I can have the computer (Win 7 Professional) in the guest room access the Internet but not access the shared folders on my LAN?

i thought maybe there's a service I might be able to Disable.

Thanks.
Comment
Watch Question

Commented:
You can specify username or group who shares the folder share.

Commented:
This is interesting... I cant recall someone ever asking it... You should be able to block outbound SMB requests to other systems via the local firewall...

http://blogs.technet.com/b/srd/archive/2010/04/12/smb-client-update-blog-post.aspx

You should be able to put in a rule to disable all outbound traffic to a destination port of 139 and 445. This will not allow them to see network shares, but should still give them the connectivity access in order to access the internet...

Please let me know if you need more detailed information or if you have any more questions.

Thanks,

P1isken
Commented:
So long as your shared folders are password protected, it shouldn't be a problem.  

If you don't want passwords on your shared folders, you could play around with other methods like editing the host file on the machine in question, or adding firewall rules to either that machine or the other machines on your network.

For instance, if you edit the host file located in c:\windows\system32\drivers\etc and put in entries for each of your other LAN machines with 127.0.0.1 as the address, than that machine will not be able to communicate with the other machines.

Keep in mind however, that this is not secure at all, and anybody with a decent amount of knowledge would be able to fix this.
Maen Abu-TabanjehNetwork Administrator, Network Consultant
Top Expert 2011

Commented:
right click on shared folder then sharing , add ANONYMOUS LOGON , then go to security add the same
ANONYMOUS LOGON, give them whatever they want of permissions.
also start -> run -> gpedit.msc
then browse computer configuration -> windows settings-> security settings -> local policy -> user right assignment , on the right pane double click on access this computer from network -> add "ANONYMOUS LOGON" .close back start -> run -> type : gpupdate /force

its will work fine
Distinguished Expert 2019

Commented:
Change/set your home network to something other than the generic WORKGROUP or MSHOME.

But as others pointed out it all depends on what access you are granting to your shares.
I.e. if each system/user that want to access a share have to use username/password that is one thing that will limit the guest unless their username/password matches the username/password that has access.
Depending on your router, you might be able to VLAN the guest connection which will allow the user access to the net, but prevent the user from being able to access data on the other VLAN.

Commented:
If all are W7 computers, you can set them up within a HOME GROUP. Set up in this configuration, the computers on that HOME GROUP share a saved pass phrase or shared secret. This will deny anyone without the shared secret from accessing files even if they are on the same Workgroup.

I also have to agree more so with VLANS. This separates your lan (virtually) from the gues lan.

In addition, accessing files also depends upon the permissions you set up. They have to authenticate with the workgroup computer's user that are located on that local computer in order to access files and shares unless you allow EVERYBODY to see them on the workgroup. So, set explicit permissions to users that have access to the shares and remove the EVERYBODY and GUESTS on the file shares.