+ Post New Thread
Results 1 to 7 of 7
Mac Thread, Hiding sysvol etc shares in Finder in Technical; Our students are currently enjoying browsing through the sysvol etc shares on the Windows servers from the OSX 10.6.8 Macs. ...
  1. #1
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,324
    Thank Post
    115
    Thanked 93 Times in 63 Posts
    Rep Power
    29

    Hiding sysvol etc shares in Finder

    Our students are currently enjoying browsing through the sysvol etc shares on the Windows servers from the OSX 10.6.8 Macs. They only have read access (as they need for the windows machines) but I would like to prevent this if possible.

    I've switched off the display of 'connected servers' in finder by using preferences on the Mac Server, but they can still drill down from Network in finder. Is there a policy or preference I can use to stop this browsing as its allowing reading of group policies. Nothing in there is top secret but it seems like an open door to me.

  2. #2
    p858snake's Avatar
    Join Date
    Dec 2008
    Location
    Queensland
    Posts
    1,490
    Thank Post
    37
    Thanked 175 Times in 151 Posts
    Blog Entries
    2
    Rep Power
    51
    Couldn't they just do the same from a windows system then?

  3. #3
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,324
    Thank Post
    115
    Thanked 93 Times in 63 Posts
    Rep Power
    29
    No, using group policy settings we prevent network browsing. Obviously they have read access otherwise they wouldn't be able to login/receive policies etc but they can't browse the folder structure.

  4. #4
    round2it's Avatar
    Join Date
    May 2009
    Location
    UK
    Posts
    1,001
    Thank Post
    198
    Thanked 144 Times in 102 Posts
    Rep Power
    37
    same issue here

  5. #5
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    266
    Thank Post
    10
    Thanked 113 Times in 95 Posts
    Rep Power
    40
    Hi

    A number of ways you could do this:

    Disable NetBIOS over TCP/IP and that should stop the Macs 'seeing' PCs in the Finder SideBar. This assumes you're not supporting any older applications that you may be running in Virtualisation/Emulation on one of your Windows Servers? If everything you have is XP or better there's no compelling reason AFAIK to leave the option enabled. However you will have to double-check with the network designer/administrator first. If that person happens to be you and you absolutely know everything you need to know regarding your network then you're the best person able to answer the question.

    Put all the Macs in their VLAN/subnet. Macs are by design Multicast first and Unicast second. The Finder and Finder Sidebar supports Bonjour and NetBIOS Browsing by default. Bonjour does not traverse subnets easily so placing all the macs in a different subnet should stop them 'seeing' other nodes that are in different subnets. This IMO is an easy 'fix'.

    Restrict what users see in the sidebar by applying an appropriate MCX.

    There are other ways I can think of but any one of or a combination of the above should do.

    HTH?

    Antonio Rocco (ACSA)
    Last edited by AntonioRocco; 28th September 2011 at 02:21 PM.

  6. Thanks to AntonioRocco from:

    Sheridan (29th September 2011)

  7. #6
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,324
    Thank Post
    115
    Thanked 93 Times in 63 Posts
    Rep Power
    29
    Brilliant that seems to have worked a treat! I used that in conjunction with another post of yours (linky) and that has done the job a treat, without restricting the users too much!

  8. #7

    Join Date
    Nov 2006
    Location
    Redcar
    Posts
    62
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    16
    I am enjoying some success with simple finder along with a local firewall rule burned into a master image, which can either be done manually or with WaterRoof:

    deny tcp from any to any 137 out
    deny udp from any to any 137 out

    This blocks WINS, which stops my windows clients showing up in shared, not sure what, if any limitations this poses on my macs yet, but I have magic triangle up and running with 10.6.4 and this rule in place, with no problems so far... #watchthisspace
    Last edited by cogrady84; 3rd January 2012 at 03:41 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 8
    Last Post: 22nd February 2011, 05:02 PM
  2. hiding the network option in the GO menu
    By goodhead in forum Mac
    Replies: 5
    Last Post: 12th July 2010, 11:36 AM
  3. Replies: 1
    Last Post: 14th April 2010, 09:13 PM
  4. Hiding Sysvol and Netlogon shares?
    By fox1977 in forum Windows Server 2000/2003
    Replies: 11
    Last Post: 5th November 2009, 11:14 PM
  5. Problem Accessing shares in a different domain
    By Stuart_C in forum Windows
    Replies: 2
    Last Post: 30th May 2008, 09:15 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •