As long as you can get a Vista "Administration" system running for yourself, you can create GPOs which configure GPPEs in a Windows Server 2003 DC environment. That said, you do also have to deploy your down-level systems with the GPPE client extensions so they can look for and read them (they are stored as XML files within the GPOs in SYSVOL). However, as MS has released them, GPPEs do not go back to Windows 2000 devices. Also, note that ADMX templates create the same "GPO configuration files" in SYSVO (Registry.Pol, etc.) as the ADM templates, so that is not an issue. Jerry Cruz | Group Policies Product Manager | Windows Infrastructure Architecture (http://wia.web.boeing.com<http://wia.web.boeing.com/>) | Boeing IT Office 425-865-6755 | Mobile 425-591-6491 From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Buonora, Craig (SABIC Innovative Plastics, consultant) Sent: Friday, May 30, 2008 11:06 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Restrict Users From Creating Shares Thank you for the reply. Currently we are not in production with 2008 nor Vista so the ADMX files I am sure will not work with XP let alone 2K. I definitely am trying to prevent users from creating new shares, but not totally remove the current ones until they are evaluated. Thank you for the comments, Craig ________________________________ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie R Sent: Friday, May 30, 2008 11:21 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Restrict Users From Creating Shares I thought you could do this through local security policy, but I guess I was mistaken. The best option is to use the new, FREE GPP extensions available on Vista SP1 RSAT or Server 2008. Under [Computer Configuration > Preferences > Windows Settings > Network Shares], right-click and select "New > Network Share". Change the action to "Delete" and select the checkboxes that say "Delete all regular shares" and "Delete all hidden non-administrative shares". That should do the trick, because even if a user creates a share it will get removed at the next background refresh of Group Policy. :) Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | http://www.integrisok.com<http://www.integrisok.com/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Buonora, Craig (SABIC Innovative Plastics, consultant) Sent: Friday, May 30, 2008 8:40 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Restrict Users From Creating Shares I am sure this topic has come up but thought I'd fire it out here to see if anyone has created a GPO or otherwise to restrict users from creating shares on their PC (even if they have local admin privileges). Thanks, Craig M. Buonora ________________________________ This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply).