+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
Windows Thread, Word 2003 Security SUCKS!! in Technical; When a student enters in \servername\ and hits enter, it immediately becomes a hyperlink. They are then able to browse ...
  1. #1

    Join Date
    Sep 2005
    Posts
    153
    Thank Post
    1
    Thanked 4 Times in 4 Posts
    Rep Power
    18

    Word 2003 Security SUCKS!!

    When a student enters in \\servername\ and hits enter, it immediately becomes a hyperlink. They are then able to browse the entire network for machines!!!

    Is their anyway of blocking UNC paths in hyperlinks from word? or windows itself?

    Thanks
    Mark

  2. #2

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,068 Times in 625 Posts
    Rep Power
    740

    Re: Word 2003 Security SUCKS!!

    Turn off the browser service ?

  3. #3

    Join Date
    Sep 2005
    Posts
    153
    Thank Post
    1
    Thanked 4 Times in 4 Posts
    Rep Power
    18

    Re: Word 2003 Security SUCKS!!

    Thanks, had a look on that on my local machine, seems to prevent further access to other network machines, however, it still displays the requested server that was entered into "\\servername".

    Really want to stop UNC paths altogether!!!

    Thanks so far..

    Mark

  4. #4

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,068 Times in 625 Posts
    Rep Power
    740

    Re: Word 2003 Security SUCKS!!

    Really want to stop UNC paths altogether!!!
    Hmmm, not really advisable. As long as you have proper security / passwords set on your servers / shares etc its not going to be a problem....

  5. #5
    PEO
    PEO is offline
    PEO's Avatar
    Join Date
    Oct 2007
    Posts
    2,093
    Thank Post
    457
    Thanked 150 Times in 95 Posts
    Rep Power
    71

    Re: Word 2003 Security SUCKS!!

    stick a $ at the end of your share names, that will hide them, and make sure your permissions are setup correctly on all shares

  6. #6
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    20

    Re: Word 2003 Security SUCKS!!

    Blocking UNC in Windows will stop plenty of other services working.

    In terms of handling Windows and UNC, suggest you disable the Computer Browser service on everything via AD.

    Configure it so no workstation is ever set as a Master Browser.
    Lastly, use NET CONFIG SERVER /HIDDEN:YES

    This will make all your PCs invisible on the browse lists (even if the kids somehow get to network neighbourhood).

    As far as Office 2002/2003 go:
    Get hold of the Office 2002/2003 Reskits (freely downloadable).
    Unpack the .ADM files that are present.

    Create a new GP (suggest you do this in a limited OU to minimise risk to start with).
    Add the WORD10.ADM and WORD11.ADM files into it.

    Navigate to the following:
    User Config -> Administrative Templates
    Microsoft Word 2002 (or Microsoft Office Word 2003)
    Tools... Autocorrect -> Autoformat as you type.
    You should see 'Internet and Network paths with Hyperlinks'.
    Disable this (as this stops it working).

    Next...
    While still under the Word 2002 heading in your GP:
    Go to Tools... Options -> Edit
    You should see 'Use CTRL + Click to follow hyperlink'.
    As before, disable this.

    Repeat this for Office 2002 or 2003, whichever you didn't change above.

    Login as a student (who will get this new GP) and test away.
    We've got this all in use here and even though our kids can still use \\uncpath in the open box - they won't get anywhere they can't get to anyway via drive letters.

    Hope that helps.

    Az

  7. Thanks to azrael78 from:

    projector1 (24th July 2009)

  8. #7

    Join Date
    Sep 2005
    Posts
    153
    Thank Post
    1
    Thanked 4 Times in 4 Posts
    Rep Power
    18

    Re: Word 2003 Security SUCKS!!

    Just to confirm, I have tried all those suggestions with no joy.

    I have checked the new policy (with the Office adm template) is being applied, and it is, so it doesn't stop the problem I am having. Stopping the computer browser service on every local machine only works once. Once you restart word again, and type into a document, a \\servername hyperlink, you can browse the network again. I have tried with users with mandatory roaming profiles, and local administrator profiles, but no luck stopping this gaping hole in security. I agree that we should have very good security on all the shares, but I have managed to lock down network neighbourhood/my network places in word/explorer, but it still appears in word/office apps!!!

    This sucks!! If their is a way to prevent access COMPLETELY to Browse entire network, I would like to hear it microsoft!

    rant over
    Mark

  9. #8
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    20

    Re: Word 2003 Security SUCKS!!

    Quote Originally Posted by markwilliamson2001
    Just to confirm, I have tried all those suggestions with no joy.

    I have checked the new policy (with the Office adm template) is being applied, and it is, so it doesn't stop the problem I am having. Stopping the computer browser service on every local machine only works once. Once you restart word again, and type into a document, a \\servername hyperlink, you can browse the network again. I have tried with users with mandatory roaming profiles, and local administrator profiles, but no luck stopping this gaping hole in security. I agree that we should have very good security on all the shares, but I have managed to lock down network neighbourhood/my network places in word/explorer, but it still appears in word/office apps!!!

    This sucks!! If their is a way to prevent access COMPLETELY to Browse entire network, I would like to hear it microsoft!

    rant over
    Mark
    Mark,

    Try one thing at a time - disabling the computer browsing services etc will stop computers showing up when the kids decide to browse the network, but it won't stop them browsing.

    If you want to stop the computer browser service, you need to set the 'Computer Browser' service to Disabled.
    This should be done for all workstations and servers (if you want to hide everything).
    Best way to do that is via Group Policy -> Computer Configuration -> Security Settings -> System Services -> Computer Browser.

    Set this to disabled here (perhaps try it for a limited OU).

    On a side-note, it's also worth disabling the Messenger service also - unless you need WinPopup/NET SEND capabilities.

    If you are still having problems, I will fish out the exact steps I took to disable browsing here.

  10. #9

    Join Date
    Sep 2005
    Posts
    153
    Thank Post
    1
    Thanked 4 Times in 4 Posts
    Rep Power
    18

    Re: Word 2003 Security SUCKS!!

    I have disabled computer browser service on every machine, using Group Policy, but it hangs the first time you use the hyperlink hack in word. If you restart word, and try again, you can still browse the network!! I did actually disable the service using Group Policy, rather than just stopping it.

    I have also now started working on better security on all the shares on servers around school.

    Mark

  11. #10
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74

    Re: Word 2003 Security SUCKS!!

    Same as MrHappy I'd make sure your shares and permissions are set correctly and hide shared with a $ then you don't really have to worry. Also if you are using 2003 server then you can use "access based enumeration" to hide folders from prying eyes.

  12. #11
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    20

    Re: Word 2003 Security SUCKS!!

    The templates attached are the same ones we use here for securing Word XP and Word 2003.

    If you try these templates, hopefully it should help.
    Attached Files Attached Files

  13. #12
    projector1's Avatar
    Join Date
    Nov 2005
    Posts
    460
    Thank Post
    70
    Thanked 1 Time in 1 Post
    Rep Power
    18
    just configuring the settings to stop \\ browsing

    but cannot see

    'Internet and Network paths with Hyperlinks'.

    in the group policy setting

    i do have the setting


    'Use CTRL + Click to follow hyperlink'.

    office version is 2003
    thx

  14. #13

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    To be honest I don't believe you can stop this as it's by design, however, you should take a look at Access Based Enumeration or ABE.

    I wouldn't worry too much whether users can browse computer objects. It's shares and what those shares contain which are far more critical.

  15. #14

    Join Date
    Feb 2009
    Posts
    460
    Thank Post
    66
    Thanked 34 Times in 21 Posts
    Blog Entries
    1
    Rep Power
    19
    I have just added the office 2003 adm files to a 2008 server and am trying to set the setting to stop the \\server working but like projector1 above I can't find the "internet and network path hyperlink" option. there are also other options in there which I might want to set but as there are no descriptions I'm reluctant to fiddle... does anyone know of a help document that can, well as the name describes, help on this? thanks

  16. #15
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    I never found that setting either.

    TBH I decided this was a bit of a non issue after installing Inkskape and GIMP which freely let you browse the C: drive and network neighborhood from the open file dialogue box even though both are banned in GP.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. [MS Office - 2003] Word 2003 Recovery
    By firefox_2006 in forum Office Software
    Replies: 9
    Last Post: 9th June 2008, 11:34 AM
  2. MS Word 2003 (as part of Office 2003) Printing Problems...
    By markwilliamson2001 in forum Windows
    Replies: 2
    Last Post: 22nd November 2007, 01:06 PM
  3. Word 2003 Problems
    By pallen in forum Windows
    Replies: 4
    Last Post: 25th October 2007, 03:04 PM
  4. word 2003 adm
    By chrbb in forum How do you do....it?
    Replies: 11
    Last Post: 20th June 2007, 12:06 PM
  5. Word 2003 Tables
    By Mintsoft in forum Windows
    Replies: 2
    Last Post: 26th May 2006, 11:24 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •