Posted by Roger Abell [MVP] on September 5, 2005, 11:00 pm
So as I read your post
- you are providing external customers with terminal services login
to your internal corporate forest
- you are letting them log in with domain accounts
- your internal machines are at default with Domain Users in the
machine local Users group
- your machines share with default grants to Everyone, or with
other broad grant such as to Domain Users, and the sharing
machines do not restrict the machines with which they communicate
That sounds like four things that maybe should be each examined
for alternatives in order to segment and protect your assets.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4
> Hi Guys,
>
> We are setting up a policy to lock down the TS/RDP sessions for our remote
> customers, and I have hit a problem: if I create a shortcut to a share on the
> desktop they can access it fine and get to documents inside it, etc. However,
> if they click the "Up a folder button" again and again it just keeps going and
> you eventually get to our domain and can see and access all machines within
> it, including servers. How can I stop this from happening, either by hiding
> the domain or preventing browse access to it via a security policy or reg
> hack? It's Windows 2003 Server Ent. I thought there was an item that prevents
> access to the domain in the security policy but I can't seem to find it.
>
> Thanks guys!
>
> Antiny Clifford
> IT
> Education Direct