astrokat Posted May 1, 2003 Share Posted May 1, 2003 Hey Guys, I recently rolled my server to active directory. When I test out logining in on a workstation, I ran into a problem. When going into Network Places, you can see the directory (or domain). However, you can also see the machines on the working, user accounts, a built in directory .. etc. Granted, it does not appear a user can access any of this stuff (delete, make changes .. etc), however I figure its a security risk just being able to view it. My question is ... how can I hide it. :blush: Link to comment Share on other sites More sharing options...
UnaBonger Posted May 1, 2003 Share Posted May 1, 2003 Are you refering to users being able to open "My Network Places" from the desktop and see a list of whats on the network? That is a fairly common item in a network and can be usefull to the end user when they want to access a network share (provided they have the appropriate permissions) and/or attach to a network printer (once again provided they have the appropriate permissions). It's not necessarily a security risk if your permissions are set right. However, if you really want to get rid of it, create a group policy that hides it from your users. Link to comment Share on other sites More sharing options...
astrokat Posted May 1, 2003 Author Share Posted May 1, 2003 i dont mind the list of "computers" on the network .. but it has a list of "user accounts" on the network as well .. and thats bad. :/ Link to comment Share on other sites More sharing options...
UnaBonger Posted May 1, 2003 Share Posted May 1, 2003 I guess I misunderstood you. What are you looking in that is showing a list of user accounts? Active Directory Users & Computers? Link to comment Share on other sites More sharing options...
+primortal Subscriber² Posted May 1, 2003 Subscriber² Share Posted May 1, 2003 I think he means in window explorer and expand My Network Places|Directory, will return every object in the tree. Link to comment Share on other sites More sharing options...
UnaBonger Posted May 1, 2003 Share Posted May 1, 2003 Ok, but doesn't that only list workstations on the network? I don't remember seeing user objects there before... Link to comment Share on other sites More sharing options...
astrokat Posted May 1, 2003 Author Share Posted May 1, 2003 Yes, workstations, users, builtins (whatever those are), etc are all viewable. Sorry I wasn't more clear. I think I want to do this: http://msdn.microsoft.com/library/default....n-us/gp/344.asp But I have a feeling if I did, it would come back to haunt me later on. Any advice? Link to comment Share on other sites More sharing options...
+primortal Subscriber² Posted May 1, 2003 Subscriber² Share Posted May 1, 2003 Its not like once you enable it you can't disable it later. If you feel you need it future, disable it in the policy. It just stops the user from browsing the tree. They still can search the tree. Link to comment Share on other sites More sharing options...
astrokat Posted May 3, 2003 Author Share Posted May 3, 2003 oh yea .. will the printers still show up? Link to comment Share on other sites More sharing options...
Recommended Posts