MAC Suite - integrated to AD but students see all shares on network?
Not the most experienced person in the world with MACs but in short.....
Engineer is configuring a suite of MACs with a mac mini server to setup a link between AD and OD, so that students and staff can login with their usual credentials and save to their My Documents and shared areas, and see the licence server for sibelius amongst other things.
However when a student logs in they are able to browse using finder and see every possible share on the network, although not access any folder or documents unless they have the correct permissions. They are able to see folders such as finance, personnel and various others.
The Engineer feels that it is because of the Bonjour (mDNSResponder) service but states he cannot turn it off or we will lose internet connectivity and other network services. There is no way to disable the view of the network, or prevent the students from seeing anything. On the windows network, they get the mapped drives we choose and that's it, is there no way on MACs to enforce such a policy?
I wondered if other schools could share how locked down their macs are, and if they have the same problem, and either live with it or there is a way to hide/disable them?
Any help would be greatly welcomed.