For Vista (and higher) devices, I'm wondering if creating a Share on a device creates an event log entry (or if a device can be configured to do so). If so, then a Scheduled Task could possibly setup with an Event Trigger (created a Share) to delete it 'right away'. Just a thought... Jerry Cruz | Group Policies Product Manager | Windows Infrastructure Architecture (http://wia.web.boeing.com<http://wia.web.boeing.com/>) | Boeing IT Office 425-865-6755 | Mobile 425-591-6491 From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie R Sent: Friday, May 30, 2008 8:51 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Restrict Users From Creating Shares Back in the day I used a startup script to do this as well as remove shared printers. It worked pretty good but was obviously reliant on the machine rebooting regularly. That's where a product like SpecOps Command can really come in handy because you can run scripts at whatever interval you desire (not just regular background refreshes). Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | http://www.integrisok.com<http://www.integrisok.com/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Friday, May 30, 2008 10:29 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Restrict Users From Creating Shares Good call Jamie. The one thing I will add Craig, is that if the user has local administrator, none of this can stop them from doing what they want. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie R Sent: Friday, May 30, 2008 8:21 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Restrict Users From Creating Shares I thought you could do this through local security policy, but I guess I was mistaken. The best option is to use the new, FREE GPP extensions available on Vista SP1 RSAT or Server 2008. Under [Computer Configuration > Preferences > Windows Settings > Network Shares], right-click and select "New > Network Share". Change the action to "Delete" and select the checkboxes that say "Delete all regular shares" and "Delete all hidden non-administrative shares". That should do the trick, because even if a user creates a share it will get removed at the next background refresh of Group Policy. :) Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | http://www.integrisok.com<http://www.integrisok.com/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Buonora, Craig (SABIC Innovative Plastics, consultant) Sent: Friday, May 30, 2008 8:40 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Restrict Users From Creating Shares I am sure this topic has come up but thought I'd fire it out here to see if anyone has created a GPO or otherwise to restrict users from creating shares on their PC (even if they have local admin privileges). Thanks, Craig M. Buonora ________________________________ This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply). ________________________________ This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply).