prohibit users from mapping drives 1

Status
Not open for further replies.
Jan 7, 2005
124
US
Is there a group policy that allows me to disable a group's rights to map drives? Thanks.
 
I don't know if you can stop users from mapping drives, but I do know that you can hide shares by using a $.

If you hide the share then the user would need to know both the server name and share name in order to map the drive using the command line.
 
You can drill down to the group policy under a specific group (like the one you created in thread and go down to User Configuration, Administrative Templates, Windows Components, and Windows Explorer. Look in the list in the right pane and enable the "Remove "Map Network Drive" and "Disconnect Network Drive"" which removes those commands from the toolbar and tools menus in Windows Explorer and My Network Places. This doesn't block the user from direct connecting to the share from the run command (\\yourserver\yourshare) though, so you may want to disable it too. There are lots of options in there you may want to look at and there are explanations for each one.

***Take note, if these are outside people that you are joining to your domain temporarily, you will want to be sure to remove these restrictions from their machines before they leave, because there have been times when a user joins that machine to another network, those restrictions get locked in on the workstation and it's difficult to remove. I've seen this happen on a Win2k Pro box just a few weeks ago.***
 
Also forgot to mention that this might not keep them from going to a command window and mapping the drive that way (ex. Net use f: \\yourserver\yourshare). I haven't tested that out as most of the machines I've worked with have access to nothing except the programs they have installed.
 
FYI, a gent I know that was on one of the teams that wrote W2K told me that using the $ can cause problems. Said he wished they had never come up with that. It's supposed to be for system usage only.

Glen A. Johnson
To get the best answers to your questions, check out faq950-5848
If you're from the Chicagoland area, check out Tek-Tips in Chicago IL
 
Can you elaborate on that Glen? I've covered several large networks in the past that have extensively used the $ to hide shares and I’ve never observed adverse effects.

I'm not saying you're wrong, just wondering if it's something that's improved since the original Win2k.


"Sometimes, a cigar is just a cigar." - Sigmund Freud
 
Maybe they took care of the problem. It's been several years since the class, and a quick Google search now keeps pointing me to using the $.
[blush]
If I find out more I'll let you know.

Glen A. Johnson
To get the best answers to your questions, check out faq950-5848
If you're from the Chicagoland area, check out Tek-Tips in Chicago IL
 
Just a possible way around the "net use" :

Create a batch file called NET.BAT and put it in a directory that is referenced in the PATH environment variable before WINNT\SYSTEM32, which is where the NET.EXE program lives.

Contents of NET.BAT should be:

@echo off
rem Block "net use" (any case); hand every other NET subcommand to the real program.
if /I "%~1"=="use" goto End
"%WINDIR%\SYSTEM32\NET.EXE" %*
:End

What is this doing?

Because of the path statement, NET.BAT will be found before NET.EXE, and so it will get run instead. This will not happen if the current directory is \WINNT\SYSTEM32.

Because we don't want to block off all the NET functions, the first line does a case insensitive (/I) compare of the first parameter. If it's not USE then it calls the real NET program.


(The above is something I got from the web (maybe here) regarding stopping people from abusing the NET SEND - modified above for NET USE instead - I do not take credit for the modified solution)

PS: If not sure about PATH environment variable order, open a command prompt at a workstation and type: set


Claudius (What certifications??)
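
The lookup order described in the NET.BAT post above, as an added example that is not part of the original thread: a simplified Python model of how cmd.exe picks a file for `net` (current directory first, then each PATH directory in order, extensions tried in PATHEXT order), run over a constructed directory layout. The `resolve` helper and the directory names are hypothetical, and the model ignores internal commands and commands typed with an extension or a path.

```python
import os
import tempfile

# Default PATHEXT order on Windows (shortened): .EXE is tried before .BAT.
PATHEXT = [".COM", ".EXE", ".BAT", ".CMD"]

def resolve(command, cwd, path_dirs, pathext=PATHEXT):
    """Return the file a cmd.exe-style search would run for `command`, or None.

    Simplified model (assumption): current directory first, then each PATH
    directory in order; inside one directory, PATHEXT order decides.
    """
    for directory in [cwd, *path_dirs]:
        try:
            present = {name.upper(): name for name in os.listdir(directory)}
        except OSError:
            continue  # a missing or unreadable PATH entry is skipped
        for ext in pathext:
            hit = present.get((command + ext).upper())
            if hit:
                return os.path.join(directory, hit)
    return None

def build_demo(root):
    """Constructed layout: a wrapper directory, a fake SYSTEM32, a work dir."""
    wrapper = os.path.join(root, "wrappers")
    system32 = os.path.join(root, "WINNT", "SYSTEM32")
    home = os.path.join(root, "home")
    for d in (wrapper, system32, home):
        os.makedirs(d)
    open(os.path.join(wrapper, "NET.BAT"), "w").close()
    open(os.path.join(system32, "NET.EXE"), "w").close()
    return wrapper, system32, home

def demo():
    """Return which file wins for `net` in three constructed situations."""
    with tempfile.TemporaryDirectory() as root:
        wrapper, system32, home = build_demo(root)
        cases = {
            "wrapper first in PATH": resolve("net", home, [wrapper, system32]),
            "wrapper after SYSTEM32": resolve("net", home, [system32, wrapper]),
            "cwd is SYSTEM32": resolve("net", system32, [wrapper, system32]),
        }
        return {case: os.path.basename(hit) for case, hit in cases.items()}

if __name__ == "__main__":
    for case, winner in demo().items():
        print(f"{case}: {winner}")
```

Only the first layout runs the wrapper, which is why the PATH order check in the PS matters before relying on it.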
 