+ Post New Thread
Results 1 to 13 of 13
Windows Thread, Stop access to \servername in ie7 in Technical; I have just had one kid in here saying that he got access to my IT Wiki - he actually ...
  1. #1
    DSapseid's Avatar
    Join Date
    Feb 2007
    Location
    West Sussex
    Posts
    1,152
    Thank Post
    130
    Thanked 54 Times in 47 Posts
    Rep Power
    38

    Stop access to \\servername in ie7

    I have just had one kid in here saying that he got access to my IT Wiki - he actually only got as far as the login page but thats far enough.

    Is there anyway that i can stop users from typing \\servername into ie7 or just block access from this server somehow?

    I am using wamp server to host the wiki on, i have tried giving the group all students deny all access on that folder but it doesnt work.

  2. #2

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Do you have the ie7 adm installed?

    IM not sure which GPO it is, but on ours with a student account if they try to do a \\anything it comes back with a "accessing the resource has been disallowed"

  3. #3

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    possibly

    User Configuration -> Administrative Templates -> Windows Components -> IE -> Browser menus -> Disable context menu

    ?

  4. #4
    DSapseid's Avatar
    Join Date
    Feb 2007
    Location
    West Sussex
    Posts
    1,152
    Thank Post
    130
    Thanked 54 Times in 47 Posts
    Rep Power
    38
    Context menu is right click isnt it?

  5. #5

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    yep, your right. Ignore that.

    However, I also have Run disabled on the start menu. Might be worth trying that?

  6. #6

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    I think the simple answer is "no you can't" because Explorer and Internet Explorer are tightly integrated.

    You've clearly done a good job locking down policies and they're being prompted for a username and password to view shares of the server. To make things that little bit harder, within Active Directory, copy the Administrator account and name it anything you like - then disable the administrator account. They'll need to guess the administrator username and password now.

  7. #7


    Join Date
    Oct 2006
    Posts
    3,411
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    148
    Read how to edit the httpd.conf file in apache. You can set up whatever ACLs you want

  8. #8

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Re: Disable Run Command and UNC Path

    If you enable this setting, the following changes occur:
    (1) The Run command is removed from the Start menu.
    (2) The New Task (Run) command is removed from Task Manager.
    (3) The user will be blocked from entering the following into the Internet
    Explorer Address Bar:
    --- A UNC path: \\<server>\<share>
    ---Accessing local drives: e.g., C:
    --- Accessing local folders: e.g., \temp>

  9. #9


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    If you don't want someone to access something it is better to disable access to the server by correctly setting the permissions.

    disabling \\servername in one application might just obscure the problem - can they do it in MSword as well ?

  10. #10
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106
    There is a policy that disallows the use of UNC paths. I have it in use. I will try and find the setting tomorrow for you.
    I have never played with a wamp install only LAMP and WIMP I am guessing you are going to need to play with mod_NTLM and the like for securing the directory. I had a recent post about it between me and Geoff although he had me looking in the wrong place for a while!

    Renaming the admin account is a good idea in theory but someone is bound to see you typing your admin account name eventually. Any serious enumeration of accounts also easily identifies the admin accounts since the SID always ends with 500. Not something most kids will be capable of but something to bear in mind anyway.

  11. #11

    Join Date
    May 2008
    Posts
    56
    Thank Post
    33
    Thanked 3 Times in 3 Posts
    Rep Power
    13
    This is disabled by disallowing access to Start -> Run

    Set User Configuration -> Administrative Templates -> Start Menu and Taskbar -> Remove Run menu from Start Menu to Enabled

  12. #12

    Join Date
    Mar 2007
    Posts
    323
    Thank Post
    6
    Thanked 7 Times in 6 Posts
    Rep Power
    16
    Saying if someone brought in a laptop from home and plugged into the network. Without RADIUS or some other form of network access protection, how would you prevent non-domain members from browsing network shares?

    I know theres a way somewhere, I just don't like the idea of prevent the RUN being seen.

    NTFS is ok, but theres some shares that need to be accessed by some software for students. To the DOMAIN workstations, they are unable to see these shares because of the tight restrictions.

    Thanks for any help

  13. #13

    Join Date
    Dec 2008
    Location
    Blackpool
    Posts
    3
    Thank Post
    0
    Thanked 3 Times in 1 Post
    Rep Power
    0
    If a non domain user hits any of your network shares they should still be prompted for a domain account if permission's are set correctly, also if you just want to say stop kids from hitting your wiki why not just change the port to something other than port 80?

SHARE:
+ Post New Thread

Similar Threads

  1. How do I stop this??
    By actech in forum Wireless Networks
    Replies: 7
    Last Post: 13th October 2008, 09:15 PM
  2. STOP IT
    By faza in forum Wireless Networks
    Replies: 7
    Last Post: 11th April 2008, 11:02 AM
  3. Stop
    By Jamie2000uk in forum Network and Classroom Management
    Replies: 3
    Last Post: 24th January 2008, 10:19 PM
  4. Replies: 2
    Last Post: 30th July 2007, 08:49 AM
  5. Stop internet access from address bar
    By adamyoung in forum How do you do....it?
    Replies: 13
    Last Post: 25th January 2006, 12:45 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •