+ Post New Thread
Results 1 to 7 of 7
Mac Thread, Hiding sysvol etc shares in Finder in Technical; Our students are currently enjoying browsing through the sysvol etc shares on the Windows servers from the OSX 10.6.8 Macs. ...
  1. #1
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,437
    Thank Post
    130
    Thanked 109 Times in 73 Posts
    Rep Power
    33

    Hiding sysvol etc shares in Finder

    Our students are currently enjoying browsing through the sysvol etc shares on the Windows servers from the OSX 10.6.8 Macs. They only have read access (as they need for the windows machines) but I would like to prevent this if possible.

    I've switched off the display of 'connected servers' in finder by using preferences on the Mac Server, but they can still drill down from Network in finder. Is there a policy or preference I can use to stop this browsing as its allowing reading of group policies. Nothing in there is top secret but it seems like an open door to me.

  2. #2
    p858snake's Avatar
    Join Date
    Dec 2008
    Location
    Queensland
    Posts
    1,491
    Thank Post
    37
    Thanked 175 Times in 151 Posts
    Blog Entries
    2
    Rep Power
    52
    Couldn't they just do the same from a windows system then?

  3. #3
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,437
    Thank Post
    130
    Thanked 109 Times in 73 Posts
    Rep Power
    33
    No, using group policy settings we prevent network browsing. Obviously they have read access otherwise they wouldn't be able to login/receive policies etc but they can't browse the folder structure.

  4. #4
    round2it's Avatar
    Join Date
    May 2009
    Location
    UK
    Posts
    1,084
    Thank Post
    255
    Thanked 161 Times in 116 Posts
    Rep Power
    41
    same issue here

  5. #5
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    270
    Thank Post
    11
    Thanked 114 Times in 95 Posts
    Rep Power
    41
    Hi

    A number of ways you could do this:

    Disable NetBIOS over TCP/IP and that should stop the Macs 'seeing' PCs in the Finder SideBar. This assumes you're not supporting any older applications that you may be running in Virtualisation/Emulation on one of your Windows Servers? If everything you have is XP or better there's no compelling reason AFAIK to leave the option enabled. However you will have to double-check with the network designer/administrator first. If that person happens to be you and you absolutely know everything you need to know regarding your network then you're the best person able to answer the question.

    Put all the Macs in their VLAN/subnet. Macs are by design Multicast first and Unicast second. The Finder and Finder Sidebar supports Bonjour and NetBIOS Browsing by default. Bonjour does not traverse subnets easily so placing all the macs in a different subnet should stop them 'seeing' other nodes that are in different subnets. This IMO is an easy 'fix'.

    Restrict what users see in the sidebar by applying an appropriate MCX.

    There are other ways I can think of but any one of or a combination of the above should do.

    HTH?

    Antonio Rocco (ACSA)
    Last edited by AntonioRocco; 28th September 2011 at 03:21 PM.

  6. Thanks to AntonioRocco from:

    Sheridan (29th September 2011)

  7. #6
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,437
    Thank Post
    130
    Thanked 109 Times in 73 Posts
    Rep Power
    33
    Brilliant that seems to have worked a treat! I used that in conjunction with another post of yours (linky) and that has done the job a treat, without restricting the users too much!

  8. #7

    Join Date
    Nov 2006
    Location
    Redcar
    Posts
    62
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    17
    I am enjoying some success with simple finder along with a local firewall rule burned into a master image, which can either be done manually or with WaterRoof:

    deny tcp from any to any 137 out
    deny udp from any to any 137 out

    This blocks WINS, which stops my windows clients showing up in shared, not sure what, if any limitations this poses on my macs yet, but I have magic triangle up and running with 10.6.4 and this rule in place, with no problems so far... #watchthisspace
    Last edited by cogrady84; 3rd January 2012 at 04:41 PM.



SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 8
    Last Post: 22nd February 2011, 06:02 PM
  2. hiding the network option in the GO menu
    By goodhead in forum Mac
    Replies: 5
    Last Post: 12th July 2010, 12:36 PM
  3. Replies: 1
    Last Post: 14th April 2010, 10:13 PM
  4. Hiding Sysvol and Netlogon shares?
    By fox1977 in forum Windows Server 2000/2003
    Replies: 11
    Last Post: 6th November 2009, 12:14 AM
  5. Problem Accessing shares in a different domain
    By Stuart_C in forum Windows
    Replies: 2
    Last Post: 30th May 2008, 10:15 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •