Click here to get back home

Stop Browsing for computers
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Stop Browsing for computers WMB 11-07-2007
Posted by WMB on November 7, 2007, 6:14 am
Please log in for more thread options
 Hello there

Is there a way to stop Mac and PC users from Browsing all my computers in my
windows 2003r2 domain.?


Posted by Steven L Umbach on November 7, 2007, 7:51 pm
Please log in for more thread options
 Unless you disable netbios over tcp/ip for the domain and then manage
permissions on AD objects you are not going to have much luck and that is
something to NOT consider without a lot of testing as things may break.

http://support.microsoft.com/kb/313314 --- disable netbios over tcp/ip
http://support.microsoft.com/kb/299977/ --- more info on the same with some
ramifications shown

You can hide computers running file and print sharing from appearing in the
browse list [ net config server /hidden:yes|no ] and also hide shares by
naming them with a $ after the name though that is not foolproof either. In
my opinion your best bet is to not worry about it but to make sure that
users have access to only those shared resources they need by managing share
and folder permissions and user rights [access this computer from the
network] with the best practice of least user privilege. Windows Firewall
and ipsec policies can also be used to prevent access to computers for
specific services and both can be managed via Group Policy

You can also use access based enumeration on Windows 2003 servers so that
users can not see folders within a share unless they have read permission
for the folder.

Steve

http://www.windowsnetworking.com/articles_tutorials/Implementing-Access-Based-Enumeration-Windows-Server-2003.html

--- ABE

> Hello there
>
> Is there a way to stop Mac and PC users from Browsing all my computers in
> my windows 2003r2 domain.?



Posted by S. Pidgorny on November 9, 2007, 6:56 pm
Please log in for more thread options
Stop Computer Browser service on all systems (it's a reg entry on Win9x
legacy systems) - since there will be no browser service available, no
browsing will be possible?

Trying security through obscurity, eh? Don't waste time.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

> Hello there
>
> Is there a way to stop Mac and PC users from Browsing all my computers in
> my windows 2003r2 domain.?



Similar ThreadsPosted
Users browsing network via Office 2003 October 7, 2006, 7:49 am
Prevent browsing with UNC paths for Terminal Services users April 5, 2006, 2:05 pm
my computers address January 15, 2006, 2:35 pm
Right to add computers to a domain May 15, 2006, 5:08 am
WAN stop respond June 1, 2006, 11:13 am
Computers Losing Connection ??? January 11, 2007, 10:47 am
stop some users login at a PC. October 6, 2005, 3:00 pm
Any way to see which computers a domain account is logged into? April 3, 2006, 11:44 am
Permissions for joining XP computers to domain July 25, 2006, 9:35 am
avoid users to login in other computers October 15, 2007, 10:33 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap