+ Post New Thread
Results 1 to 10 of 10
Windows Server 2012 Thread, Network computers, including the serve, visible to users on W7 clients. in Technical; Hello everyone, I have been searching for a solution to this problem but have hit a brick wall and would ...
  1. #1

    Join Date
    Jul 2012
    Posts
    5
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Network computers, including the serve, visible to users on W7 clients.

    Hello everyone,

    I have been searching for a solution to this problem but have hit a brick wall and would appreciate your advice please.

    Clients logging in to their Windows 7 workstations are able to see the 'Network' Icon and view all other computers on the domain, including the DC. Clicking on a computer listed allows them to view and access the shares on those computers, even the DC (sysvol, netlogon, users etc). I have trawled through GPO's trying to find the relevent settings to remove the Network Icon and prevent users accessing other computers but with no luck. Please could you advise, Thanks

  2. #2

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,249
    Thank Post
    110
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    IMO Hiding them adds nothing of value. Kids will always bring in their own devices to scan the network - just because you've locked down the UI on your managed desktops does not make you secure.

    Security is provided through usernames/passwords, group membership, NTFS ACL, Share Permissions (set in that order)

    If you've got SQL instances on your lan make sure they are up to date (i.e all Service Packs, Cumulative Updates and Security Updates).

    If applications require new shares etc always check the permissions granted don't open up more access than is required.

    Apologies if your reason for wanting to do this is not security related.

  3. #3
    free780's Avatar
    Join Date
    Sep 2012
    Posts
    905
    Thank Post
    41
    Thanked 69 Times in 66 Posts
    Rep Power
    18
    There is a reg key. You need to ban exes/scripts on pen drives and home drives to prevent scanning. Quite right about ntfs and share permissions being correctly set.

  4. #4

    Join Date
    Jul 2012
    Posts
    5
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    It is predominantly security related because I obviously want to prevent any unexpected 'meddling' by users. The share permissions, NTFS security etc on the sysvol, netlogon folders are defaults set when the server was installed so I'm assuming that those are correct. As for the shares I have created I followed best practice regarding sharing 'Everyone' Group and so on. When logged in users can access only the shares I expect (their Home Folder, Student Shared Folder) and no others so I think that is Okay.

    The Network Icon, however, still allows them to view and access computers~folders that the shouldn't. I will re-check permissions and security and try again.

    Thanks for your help Guys.

  5. #5

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,038
    Thank Post
    852
    Thanked 2,664 Times in 2,261 Posts
    Blog Entries
    9
    Rep Power
    767
    I'd just worry about the perms, if they are right they should not be able to change anything they are not allowed to, also make sure the network discovery feature is off on the server and the clients as that is a security Rick and probably the reason they are showing up in network places to start with.

  6. #6

    Ephelyon's Avatar
    Join Date
    Aug 2008
    Location
    Cheshire, England
    Posts
    1,656
    Thank Post
    283
    Thanked 318 Times in 192 Posts
    Rep Power
    141
    From experience, the more worrying thing about the Network window is the exposure of the Search Active Directory button. You can't hide this but you can set a GPO setting to always limit the number of search results returned to 0, rendering its use as a nosey-parker's tools effectively null and void.

  7. #7
    MordyT's Avatar
    Join Date
    Sep 2012
    Location
    In a computer
    Posts
    416
    Thank Post
    43
    Thanked 66 Times in 61 Posts
    Rep Power
    18
    Quote Originally Posted by Ephelyon View Post
    From experience, the more worrying thing about the Network window is the exposure of the Search Active Directory button. You can't hide this but you can set a GPO setting to always limit the number of search results returned to 0, rendering its use as a nosey-parker's tools effectively null and void.
    Where is the GPO to set results to 0

  8. #8

    Ephelyon's Avatar
    Join Date
    Aug 2008
    Location
    Cheshire, England
    Posts
    1,656
    Thank Post
    283
    Thanked 318 Times in 192 Posts
    Rep Power
    141
    Under User Configuration:

    Administrative Templates > Desktop > Active Directory > Maximum size of Active Directory searches

    Enable and set to 0.

  9. Thanks to Ephelyon from:

    MordyT (1st September 2013)

  10. #9

    Join Date
    Jul 2012
    Posts
    5
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I think the perms are fine as they cannot edit anything in there. I will, however, add a reg entry to hide the icon anyway. Network discovery is off on the server and now off on the clients, with firewall exceptions for services that are required. I will update the Search Active Directory button GPO too!

    Thanks for your time and advice.

  11. #10

    Join Date
    Dec 2007
    Posts
    864
    Thank Post
    90
    Thanked 164 Times in 139 Posts
    Rep Power
    49
    Remove Network Icon (via Registry)

    Hive HKEY_LOCAL_MACHINE
    Key path SOFTWARE\Microsoft\Windows\CurrentVersion\Policies \NonEnum
    Value name {F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
    Value type REG_DWORD
    Value data 0x1 (1)

SHARE:
+ Post New Thread

Similar Threads

  1. Switching off networked computers from the server
    By Renfield-64 in forum Windows Server 2012
    Replies: 11
    Last Post: 26th April 2013, 11:06 AM
  2. allow external computers to access the DC or domain users
    By taxman in forum Windows Server 2008 R2
    Replies: 7
    Last Post: 24th October 2012, 08:43 AM
  3. [Joke] The best patients to operate on.
    By newpersn in forum Jokes/Interweb Things
    Replies: 0
    Last Post: 27th April 2012, 03:16 PM
  4. Replies: 5
    Last Post: 1st November 2010, 03:18 PM
  5. Explaining the cause of problems to users
    By pete in forum General Chat
    Replies: 18
    Last Post: 7th November 2006, 10:16 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •