Need tweak to prohibit creation of new shares

  • Thread starter Thread starter Kam
  • Start date Start date
K

Kam

Hi All,

Does anyone know of a tweak to prohibit all users (except
Admin, of course) from creating any new shares (eg. sharing
a personal folder)? It's all too easy for a user to share
one of his/her folders with Everyone:Full Control
permissions. Thanks.

Kam.
 
Easy - don't give anyone full control. Users should have modify
instead...and I wouldn't leave the security set up with Everyone. Add
administrators=full control, system=full control, users=modify and push it
down through the subfolders - then disable inheritance from the higher-level
folder & choose "copy" not "remove" or you'll paint yourself into a corner.
Then remove everyone entirely, push it down again...you should be good to
go.

The only folders users generally need full control over are the profile
folders...
 
Thanks for the advice, I'll give it a try.

Kam.
-----Original Message-----
Easy - don't give anyone full control. Users should have modify
instead...and I wouldn't leave the security set up with Everyone. Add
administrators=full control, system=full control, users=modify and push it
down through the subfolders - then disable inheritance from the higher-level
folder & choose "copy" not "remove" or you'll paint yourself into a corner.
Then remove everyone entirely, push it down again...you should be good to
go.

The only folders users generally need full control over are the profile
folders...



.
Click to expand...
 
Check their group membership. They must be at least power users?? If so change
them to regular users if at all possible. Also do their computers really need to
be offering shares in the first place? If the answer is no and you do not need
to manage their Computers Remotely then uninstall file and print sharing on them
[you could also disable server service via Group Policy for large numbers of
computers] or possibly change the user right assignment to "access this computer
from the network" to be only administrators if regular users have no business
accessing those computers. --- Steve
 
Back
Top