Map Network Drive

  • Thread starter Thread starter Jeff M
  • Start date Start date
J

Jeff M

Have a Win2K domain in an educational instituition....I
have browsing network and mapping drives disable to the
clients thru GPO.....Problem is..when they run Microsoft
Visual C++, and go to File New....It allows them to browse
and potentially mount a network share...I need to disbale
this somehow and am not having any luck finding any
answers...I cannot block net cmd either.because I use that
for scripts..So......any ideas would be greatly
appreciatted.....I prefer to do this thru a GPO
somehow..but am open to any suggestions....

Thanks,
Jeff
 
That is difficult to do with a user being a power user or local administrator.The
only thing i can think of is to use Group Policy to disable the server service and
change permissions on it to allow only members of the domain admins group to start
it. That can be done in computer configuration/security settings/system services. Of
course that assumes the server service is not needed on those computers. A signed
computer user policy that states what a user can and can not do on YOUR computers may
also be something to consider. Ipsec filtering policy using permit and deny rules at
the domain level and configuring the user right for "access this computer from the
network" can help prevent unauthorized computers or users from gaining access to a
computers shares or block all network access with ipsec filtering.--- Steve
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeff M wrote:
| Have a Win2K domain in an educational instituition....I
| have browsing network and mapping drives disable to the
| clients thru GPO.....Problem is..when they run Microsoft
| Visual C++, and go to File New....It allows them to browse
| and potentially mount a network share...I need to disbale
| this somehow and am not having any luck finding any
| answers...I cannot block net cmd either.because I use that
| for scripts..So......any ideas would be greatly
| appreciatted.....I prefer to do this thru a GPO
| somehow..but am open to any suggestions....
|
| Thanks,
| Jeff
How about using the permission on the resources rather than trying to
prevent them trying; you could argue that in fact you don't mind people
trying your car door handle when you leave it as long as they can't
actually break in! We're educational here and we use sharing/NTFS
permissions on our file system to prevent access for unauthorised users.
I don't mind them knowing that EVERY student has a user area, but
because only creator/owner and domain admins have access they can't
break in. Of course given that they all tell each other their
passwords.......
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBOCHvqmlxlf41jHgRAgMvAJ0XtNsqQyXZCLX5sAxUyAL7eRpu2QCdGJ9S
UL2AEpf+K/oFIm05pAxKYkg=
=HD5Z
-----END PGP SIGNATURE-----
 
Back
Top