Local Power Users Group

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Currently a user who is in the local Power Users group can open My Network
Places and see all computers and servers listed. When they try to open a
member server or a computer, they are prompted for a network administrators
password. But, they are able to open a domain controller and have Write
access to the domain controller. Is there a way to restrict/disable a Power
User from accessing Domain Controllers on the network? Or better yet,
hide/disable My Network Places for Power Users Group?
Thanks,
GW
 
Hiding My Network Places or otherwise crippling the ability
to browse the MS client/server network does not really make
anything unavailable, except browsing the list of what is there.

The issue you have is not that the account is a Power User on
some machine. The issue is what grants exist to the account
of the domain that they are using, or to groups of which it is a
member, and this is so whether we consider the grants on the
domain controllers or on other servers that they access.

Roger
 
Its Ok that it doesn't really make it unavailable. I want to keep a user
from browsing the lists of what is there. Or, if they can browse the list,
make them unable to open the domain controllers and see and access what's on
the drivers. Is the OS capable of doing this and if so, can you give me the
steps to follow to make the changes?
Thanks,
GW
 
You cannot prevent them from browsing the list of machines
except by not running the Computer Browser and Workstation
services on the machines that they use.

To prevent them from looking into shares on machines you
need to make sure that they have no grants on those shares.

That means making sure that the account they use, or groups
in which it is a member, have no grants on those shares.
If you have granted that account (or its groups) access, then
you cannot expect the account to have no access. If the account
(or its groups) has no grants, then it will have no access.

The grants can be controlled at either the share level (the
permissions tab on the Sharing dialog) or the NTFS level
(the Security dialog) in the properties of the shared.

Roger
 
Back
Top