[gptalk] Re: Restrict Users From Creating Shares

• From: "Cruz, Jerome L" <jerome.l.cruz@xxxxxxxxxx>
• To: "gptalk@xxxxxxxxxxxxx" <gptalk@xxxxxxxxxxxxx>
• Date: Fri, 30 May 2008 13:02:49 -0500

For Vista (and higher) devices, I'm wondering if creating a Share on a device 
creates an event log entry (or if a device can be configured to do so). If so, 
then a Scheduled Task could possibly setup with an Event Trigger (created a 
Share) to delete it 'right away'. Just a thought...

Jerry Cruz | Group Policies Product Manager | Windows Infrastructure 
Architecture (http://wia.web.boeing.com<http://wia.web.boeing.com/>) | Boeing IT
Office 425-865-6755 | Mobile 425-591-6491

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Nelson, Jamie R
Sent: Friday, May 30, 2008 8:51 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Restrict Users From Creating Shares

Back in the day I used a startup script to do this as well as remove shared 
printers. It worked pretty good but was obviously reliant on the machine 
rebooting regularly. That's where a product like SpecOps Command can really 
come in handy because you can run scripts at whatever interval you desire (not 
just regular background refreshes).

Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N 
T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | 
http://www.integrisok.com<http://www.integrisok.com/>

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-Elia
Sent: Friday, May 30, 2008 10:29 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Restrict Users From Creating Shares

Good call Jamie. The one thing I will add Craig, is that if the user has local 
administrator, none of this can stop them from doing what they want.

Darren

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Nelson, Jamie R
Sent: Friday, May 30, 2008 8:21 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Restrict Users From Creating Shares

I thought you could do this through local security policy, but I guess I was 
mistaken.

The best option is to use the new, FREE GPP extensions available on Vista SP1 
RSAT or Server 2008. Under [Computer Configuration > Preferences > Windows 
Settings > Network Shares], right-click and select "New > Network Share". 
Change the action to "Delete" and select the checkboxes that say "Delete all 
regular shares" and "Delete all hidden non-administrative shares". That should 
do the trick, because even if a user creates a share it will get removed at the 
next background refresh of Group Policy. :)

Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N 
T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | 
http://www.integrisok.com<http://www.integrisok.com/>

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Buonora, Craig (SABIC Innovative Plastics, consultant)
Sent: Friday, May 30, 2008 8:40 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Restrict Users From Creating Shares

I am sure this topic has come up but thought I'd fire it out here to see if 
anyone has created a GPO or otherwise to restrict users from creating shares on 
their PC (even if they have local admin privileges).

Thanks,

Craig M. Buonora


________________________________
This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).

________________________________
This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).

• References:
  • [gptalk] Re: Restrict Users From Creating Shares
    • From: Nelson, Jamie R
  • [gptalk] Re: Restrict Users From Creating Shares
    • From: Darren Mar-Elia
  • [gptalk] Re: Restrict Users From Creating Shares
    • From: Nelson, Jamie R

Other related posts:

• » [gptalk] Restrict Users From Creating Shares
• » [gptalk] Re: Restrict Users From Creating Shares
• » [gptalk] Re: Restrict Users From Creating Shares
• » [gptalk] Re: Restrict Users From Creating Shares
• » [gptalk] Re: Restrict Users From Creating Shares
• » [gptalk] Re: Restrict Users From Creating Shares
• » [gptalk] Re: Restrict Users From Creating Shares

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription