#1
Security issue
We have a network of good size and everybody is a local admin on their PC's. Problem is if you do a \\ computer name\c$ anybody can access others PC'S. What would be a good security workaround to stop this?
#2
Security issue
Turn off the Administrative shares
Click Start, Run and enter REGEDIT

Go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

In the right pane locate the values AutoShareServer and AutoShareWks. If it exists, double click each of these values and set it to 0. If either of the values doesn't exist, right click in a blank area of the right pane, select New, DWord value and name the value AutoShareWks or AutoShareServer as appropriate. Leave the new value at 0.

Note: Only users with an Administrator level account can access the $ shares.

Additionally, to ease this process, you can copy and paste the following into a Notepad file. Save the file with an REG extension. Then just copy it to a floppy, take it to each machine that needs the patch and double click the REG file. Answer Yes to the import prompt.

------- Copy below this line -----------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000

------- Copy above this line including the blank line ----------------------------

Make sure that the HKEY_LOCAL_MACHINE line does not wrap......

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"brian07" wrote in message ...
> We have a network of good size and everybody is a local admin on their PC's. Problem is if you do a \\ computer name\c$ anybody can access others PC'S. What would be a good security workaround to stop this.
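A way to confirm the registry change above took effect, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 or later with the SmbShare module on the machine being checked; the function name Get-AdminShareStatus is hypothetical.

```powershell
# Added example (not from the thread): report whether the automatic
# administrative shares are disabled and whether they are still being served.
# Assumes Windows PowerShell 5.1+ and the SmbShare module; run elevated.
function Get-AdminShareStatus {
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters'
    $props = Get-ItemProperty -Path $key

    # ProductType 1 = workstation (AutoShareWks applies); 2 and 3 = domain
    # controller and server (AutoShareServer applies).
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $name = if ($os.ProductType -eq 1) { 'AutoShareWks' } else { 'AutoShareServer' }

    # A missing value means the default: the shares are created at service start.
    $prop     = $props.PSObject.Properties[$name]
    $disabled = ($null -ne $prop) -and ($prop.Value -eq 0)

    # Drive-letter shares (C$, D$, ...) and ADMIN$. IPC$ is not governed by
    # these values, so it is left out of the comparison.
    $live = @(Get-SmbShare -Special $true |
        Where-Object { $_.Name -match '^([A-Z]|ADMIN)\$$' } |
        Select-Object -ExpandProperty Name)

    $finding = if (-not $disabled) {
        "$name is not 0: administrative shares are created automatically"
    } elseif ($live.Count -gt 0) {
        'Value is 0 but shares still exist: restart the Server service or reboot'
    } else {
        'Administrative shares are disabled and none are being served'
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Setting    = $name
        Value      = if ($null -ne $prop) { $prop.Value } else { '(not set)' }
        LiveShares = $live -join ', '
        Finding    = $finding
    }
}

Get-AdminShareStatus | Format-List
```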
#3
Security issue
Have you tried NTFS permissions? If a group named GroupX has permission to access the folder, then everybody in GroupX will have access to the folder. If you want only certain people to have access, then remove NTFS permission for GroupX, and give NTFS permission to a new group populated with only those people who should have access.

P.S. Apostrophe is only properly used with ownership (e.g. Mike's car) and when combining a verb with is or not (e.g. it's or hasn't). When s is used to form a plural, it is never used with an apostrophe (e.g. bird's is not the plural for bird). The plural of PC is PCs (with no apostrophe). "But thousands of other people do it" is irrelevant.

"brian07" wrote in message ...
> We have a network of good size and everybody is a local admin on their PC's. Problem is if you do a \\ computer name\c$ anybody can access others PC'S. What would be a good security workaround to stop this.
#4
Security issue
"JW" wrote in message ...
> P.S. Apostrophe is only properly used with ownership (e.g. Mike's car) and when combining a verb with is or not (e.g. it's or hasn't).

'Twas the night before Christmas . . .

Apostrophe is properly used with elision, when eliding initial or final letters.
#5
Security issue
What you can and should consider, resolve this by not having everyone using an admin account.

Given that you want them admins on their machines then you need to look at how it is that they are made admins. Each person being local admin on their own machine does not in and of itself grant any one of them any access on any other machine (admin or even just user). In other words, it is not _that_ they are local admins which is your problem but it is _how_ they have been made admin that is your issue.

Is this a domain? Then look for and remove such as Domain Users from the Administrators group, or, do not make all accounts Domain Admins members, etc. Instead, make each user account a member of Administrators on the one machine that is their machine.

If this is not a domain, then do not define accounts with the same name on machines where there should be no access, or if this is done, do not make that account a member of Administrators group on the other machine.

If you want in either case just control all remote access by use of the user right to log on over the network on each machine.

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA

"brian07" wrote in message ...
> We have a network of good size and everybody is a local admin on their PC's. Problem is if you do a \\ computer name\c$ anybody can access others PC'S. What would be a good security workaround to stop this.
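The two checks described in the reply above, as an added example that is not part of the original post: who is in the local Administrators group and by what route, and who holds the network logon user rights. It assumes an elevated Windows PowerShell 5.1 or later session on the machine being reviewed; the function names and the temporary file name are hypothetical.

```powershell
# Added example (not from the thread): show how each principal ended up in the
# local Administrators group and who holds the network logon rights.
# Assumes Windows PowerShell 5.1+, run elevated on the machine being checked.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Test-BroadSid([string]$Sid) {
    # RID 513 under a domain SID is the Domain Users group.
    ($BroadSids.ContainsKey($Sid)) -or ($Sid -match '^S-1-5-21-[\d-]+-513$')
}

function Get-LocalAdminReview {
    # S-1-5-32-544 is BUILTIN\Administrators regardless of display language.
    Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object {
        $flag = if (Test-BroadSid $_.SID.Value) {
            'BROAD: grants admin to every member'
        } elseif ($_.ObjectClass -eq 'Group') {
            'Group: review its membership'
        } else { '' }
        [pscustomobject]@{ Name = $_.Name; Class = $_.ObjectClass
                           Source = $_.PrincipalSource; Flag = $flag }
    }
}

function Get-NetworkLogonRight {
    # Export only the user-rights section of the local security policy.
    $cfg = Join-Path $env:TEMP 'user_rights_export.inf'
    secedit.exe /export /areas USER_RIGHTS /cfg $cfg | Out-Null
    try {
        foreach ($right in 'SeNetworkLogonRight', 'SeDenyNetworkLogonRight') {
            $hit = Select-String -Path $cfg -Pattern "^$right\s*=\s*(.*)$" | Select-Object -First 1
            $entries = if ($hit) { $hit.Matches[0].Groups[1].Value -split ',' } else { @() }
            foreach ($e in $entries) {
                $sid = $e.Trim().TrimStart('*')   # SIDs are exported as *S-1-...
                [pscustomobject]@{ Right = $right; Principal = $sid
                                   Broad = (Test-BroadSid $sid) }
            }
        }
    } finally { Remove-Item $cfg -ErrorAction SilentlyContinue }
}

Get-LocalAdminReview  | Format-Table -AutoSize
Get-NetworkLogonRight | Format-Table -AutoSize
```

Entries that secedit exports as account names rather than SIDs are listed as-is and are not matched against the broad-SID table.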