[gptalk] Re: Restrict Users From Creating Shares
- From: "Cruz, Jerome L" <jerome.l.cruz@xxxxxxxxxx>
- To: "gptalk@xxxxxxxxxxxxx" <gptalk@xxxxxxxxxxxxx>
- Date: Fri, 30 May 2008 13:14:45 -0500
As long as you can get a Vista "Administration" system running for yourself,
you can create GPOs which configure GPPEs in a Windows Server 2003 DC
environment. That said, you do also have to deploy your down-level systems with
the GPPE client extensions so they can look for and read them (they are stored
as XML files within the GPOs in SYSVOL). However, as MS has released them,
GPPEs do not go back to Windows 2000 devices.
Also, note that ADMX templates create the same "GPO configuration files" in
SYSVO (Registry.Pol, etc.) as the ADM templates, so that is not an issue.
Jerry Cruz | Group Policies Product Manager | Windows Infrastructure
Architecture (http://wia.web.boeing.com<http://wia.web.boeing.com/>) | Boeing IT
Office 425-865-6755 | Mobile 425-591-6491
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Buonora, Craig (SABIC Innovative Plastics, consultant)
Sent: Friday, May 30, 2008 11:06 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Restrict Users From Creating Shares
Thank you for the reply. Currently we are not in production with 2008 nor Vista
so the ADMX files I am sure will not work with XP let alone 2K. I definitely am
trying to prevent users from creating new shares, but not totally remove the
current ones until they are evaluated.
Thank you for the comments,
Craig
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Nelson, Jamie R
Sent: Friday, May 30, 2008 11:21 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Restrict Users From Creating Shares
I thought you could do this through local security policy, but I guess I was
mistaken.
The best option is to use the new, FREE GPP extensions available on Vista SP1
RSAT or Server 2008. Under [Computer Configuration > Preferences > Windows
Settings > Network Shares], right-click and select "New > Network Share".
Change the action to "Delete" and select the checkboxes that say "Delete all
regular shares" and "Delete all hidden non-administrative shares". That should
do the trick, because even if a user creates a share it will get removed at the
next background refresh of Group Policy. :)
Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N
T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 |
http://www.integrisok.com<http://www.integrisok.com/>
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Buonora, Craig (SABIC Innovative Plastics, consultant)
Sent: Friday, May 30, 2008 8:40 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Restrict Users From Creating Shares
I am sure this topic has come up but thought I'd fire it out here to see if
anyone has created a GPO or otherwise to restrict users from creating shares on
their PC (even if they have local admin privileges).
Thanks,
Craig M. Buonora
________________________________
This e-mail may contain identifiable health information that is subject to
protection under state and federal law. This information is intended to be for
the use of the individual named above. If you are not the intended recipient,
be aware that any disclosure, copying, distribution or use of the contents of
this information is prohibited and may be punishable by law. If you have
received this electronic transmission in error, please notify us immediately by
electronic mail (reply).
Other related posts:
