File and Print sharing

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a windows 2003 server w/ 100 win XP PC. I would like to turn off file
and print sharing on the local PC, we have network printers and a file
server, so I do not want them to share files and printers localy, and with
some of the viruses going around I would like to just be on the safe side and
remove any unneeded things ( I Do have SAV installed on all PC). So to the
question is there a way to do this with GPMC
 
Daniel said:
I have a windows 2003 server w/ 100 win XP PC. I would like to turn
off file and print sharing on the local PC, we have network printers
and a file server, so I do not want them to share files and printers
localy, and with some of the viruses going around I would like to
just be on the safe side and remove any unneeded things ( I Do have
SAV installed on all PC). So to the question is there a way to do
this with GPMC
Click to expand...

OT - but if all they have are limited user accounts, they can't do this
anyway. And frankly, that's all they really should have.

(this is meant to be an addition to any other, more specific replies, you
get).
 
You have a couple of options. You can use Group Policy - computer
configuration/Windows settings/security settings - services to disable the
server service on those computers which you do NOT want to do at the domain
level that may affect domain controllers, you can configure the user right
for access this computer from the network to include only domain admins or
such for those computers, you can use an ipsec filtering policy that denies
access to ports 139 and 445 tcp on those computers, or if using XP Pro SP2
you can enforce the use of the XP Windows firewall on those computers. The
XP Windows firewall would be the best option to stop propagation of a worm.
Keep in mind that you can not manage those domain computers remotely using
My Computer if the file and print sharing ports are blocked though you still
may be able to use RDP on port 3389 TCP. The XP SP2 Windows Firewall can be
managed via Group Policy and you can create exceptions such as to open file
and print sharing ports only for specific IP addresses such as those used by
workstations for those who are authorized to do administrator functions on
those computers. If your users are allowed to create folders, then they are
at least power users which in itself is a risk factor for computer problems
such as the user allowing malware to be installed from the internet or
media. --- Steve
 
Back
Top