Hi KJ. Thank-you for your post.
If you want to enforce security policies, you should really turn your
workgroup into a domain. Once you have a domain established, then
authentication and other security mechanisms can be enforced.
One thing you can try in a workgroup is to use NetBIOS scope IDs. Only
systems with the same scope ID will be able to communicate via NetBIOS.
Caution: the scope ID can be discovered if someone uses network monitor or
other such software to sniff network traffic on your network. Also,
depending on the clients in your environment, this approach may not be
effective.
These articles have some details about scope IDs:
244438 HOW TO: Enable NetBIOS Scope IDs in Windows 2000
http://support.microsoft.com/?id=244438
254542 Windows 2000-Based Computers Can Communicate with Different NetBIOS
http://support.microsoft.com/?id=254542
You can hide individual systems or entire subnets depending on how much
control you have:
321710 HOW TO: Hide a Windows 2000-Based Computer from the Browser List
http://support.microsoft.com/?id=321710
If you disable the computer browser service on all the systems on your
subnet, that will effectively hide the subnet from appearing in My Network
Places, as well as other applications that use NetBIOS Browsing.
The best approach is to establish a domain.
I hope that helps.
Tim Rains
Product Support Services
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
