[gptalk] Re: Restrict Users From Creating Shares

  • From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 30 May 2008 10:51:04 -0500

Back in the day I used a startup script to do this as well as remove
shared printers. It worked pretty well but was obviously reliant on the
machine rebooting regularly. That's where a product like SpecOps Command
can really come in handy because you can run scripts at whatever
interval you desire (not just regular background refreshes).

 

Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Friday, May 30, 2008 10:29 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Restrict Users From Creating Shares

 

Good call, Jamie. The one thing I will add, Craig, is that if the user has
local administrator, none of this can stop them from doing what they
want.

 

Darren

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R
Sent: Friday, May 30, 2008 8:21 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Restrict Users From Creating Shares

 

I thought you could do this through local security policy, but I guess I
was mistaken.

 

The best option is to use the new, FREE GPP extensions available on
Vista SP1 RSAT or Server 2008. Under [Computer Configuration >
Preferences > Windows Settings > Network Shares], right-click and select
"New > Network Share". Change the action to "Delete" and select the
checkboxes that say "Delete all regular shares" and "Delete all hidden
non-administrative shares". That should do the trick, because even if a
user creates a share it will get removed at the next background refresh
of Group Policy. :)

 

Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Buonora, Craig (SABIC Innovative Plastics, consultant)
Sent: Friday, May 30, 2008 8:40 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Restrict Users From Creating Shares

 

I am sure this topic has come up but thought I'd fire it out here to see
if anyone has created a GPO or otherwise to restrict users from creating
shares on their PC (even if they have local admin privileges).

 

Thanks,

 

Craig M. Buonora

 

 

________________________________

This e-mail may contain identifiable health information that is subject
to protection under state and federal law. This information is intended
to be for the use of the individual named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited and may be
punishable by law. If you have received this electronic transmission in
error, please notify us immediately by electronic mail (reply). 
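
Added example, not written by anyone in this thread: a report-only PowerShell script that lists which shares on a machine fall into the two categories named in the GPP item above ("regular" and "hidden non-administrative"), so they can be reviewed before a Delete policy is applied. The function names, the constructed sample data, and the classification rule (Win32_Share Type plus a trailing "$" in the name) are assumptions; GPP's own exclusion list is not reproduced here.

```powershell
# Added example: report-only, nothing is deleted.
# Win32_Share.Type: 0 = disk share, 1 = print queue, 2 = device, 3 = IPC;
# values of 2147483648 and above are the administrative variants (C$, ADMIN$, IPC$).

function Get-ShareCategory {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [uint32] $Type
    )
    if ($Type -ge 2147483648) { return 'Administrative' }
    if ($Type -ne 0)          { return 'Other' }   # printer, device, IPC
    if ($Name.EndsWith('$'))  { return 'Hidden non-administrative' }
    return 'Regular'
}

function Get-ShareReport {
    param([Parameter(Mandatory)] [object[]] $Shares)
    foreach ($s in $Shares) {
        [pscustomobject]@{
            Name     = $s.Name
            Path     = $s.Path
            Category = Get-ShareCategory -Name $s.Name -Type $s.Type
        }
    }
}

# Constructed sample data (hypothetical share names and paths), used off Windows.
$sample = @(
    [pscustomobject]@{ Name = 'C$';      Path = 'C:\';           Type = [uint32]2147483648 }
    [pscustomobject]@{ Name = 'ADMIN$';  Path = 'C:\Windows';    Type = [uint32]2147483648 }
    [pscustomobject]@{ Name = 'IPC$';    Path = '';              Type = [uint32]2147483651 }
    [pscustomobject]@{ Name = 'Music';   Path = 'C:\Users\a\M';  Type = [uint32]0 }
    [pscustomobject]@{ Name = 'Stash$';  Path = 'D:\Stash';      Type = [uint32]0 }
    [pscustomobject]@{ Name = 'HP4050';  Path = 'HP4050,LocalsplOnly'; Type = [uint32]1 }
)

# On Windows, read the live share list; elsewhere fall back to the sample.
$shares = if ($env:OS -eq 'Windows_NT') {
    Get-CimInstance -ClassName Win32_Share
} else {
    $sample
}

# Shares a user could have created: the ones to review.
Get-ShareReport -Shares $shares |
    Where-Object { $_.Category -in 'Regular', 'Hidden non-administrative' } |
    Sort-Object Category, Name |
    Format-Table -AutoSize
```

Run on the sample data, the report lists Music as Regular and Stash$ as Hidden non-administrative, and leaves out C$, ADMIN$, IPC$ and the printer.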


