I don't know if such a policy exists, but I have never heard of it. Beware,
though, that there are many ways to "see" network shares, particularly if you
have NetBIOS over TCP/IP enabled on the network. If a network can exist
without NetBIOS over TCP/IP, you can publish shares to AD and then set
permissions on the share object so that if a user does not have read
permissions they will not see the share via AD. It is possible to disable NBT
in an all W2K/W2003/XP Pro network if you do not use any applications that
require it and do not want to use My Network Places to find network resources
that will show via the browser service. Keep in mind that I believe Exchange
may still require NBT.
Having said that, pay heed to Roger's reply. Ultimately you need to control
access to network resources by using the principle of least privilege for
group membership, user rights [access this computer from network], and
share/folder [NTFS] permissions instead of trying to hide access. Depending
on your network configuration, you may also be able to use an IPsec "require"
policy to protect access to computers from computers that should not ever be
able to access them. IPsec can encrypt traffic, maintain its integrity, and
require computer authentication before access is allowed. IPsec is a more
advanced topic, however, and IPsec policies need to be thoroughly tested
before rolling out.
--- Steve
http://www.microsoft.com/windows2000/technologies/communications/ipsec/default.asp
--- Windows 2000 ipsec center.