"Varadarajam" <Varadara***@discussions.microsoft.com> wrote in message
news:F84A17BA-6303-4F1C-A764-1C14C6FA0C3B@microsoft.com...
> Hi,
>
> This is Varadarajam. I need to maintain some security in my network. I
> will
> give the details follow.
>
> I have 2003 Domain Controllers and 2000 Professionals and XP Professionals
> as a client systems.
>
> What i wanna do is, Sharing and Security tabs should be disappeared in the
> Client systems even the users are in Local Admins group. Generally for
> normal
> users the Sharing tab will be disabled.
>
> But if that user is in Local Admin group Sharing tab will be enabled
> automatically, i want to disable that sharing option from the client
> systems.
> so, that the users can't share the folders or files from their systems.
>
> I wanna do this through group policy from my 2003 Enterprise Server Domain
> controller.
>
> I searched in the Internet i found only one solution. It didn't work for
> me.
> I though that solution is for only 2000 DCs.  This is the link which i
> found
> in the Internet.
>
> http://www.commodore.ca/windows/remove_sharing_security_tab.htm
>
> It didn't work out for me.
>
> So, Kindly help me out of this problem.
>
> Thanks and Regards
> Varadarajam.P.V.
>

"Steven L Umbach" wrote:

> You can easily enough remove the security tab through Group Policy but not
> the sharing tab. Also hiding access to such will generally not stop a
> knowledgeable users from using other methods as trying to limit an
> administrator will prove futile at least for some users. Keep in mind that
> local administrators can create local accounts to logon to in order to
> bypass domain level Group Policy for user configuration. It would be best to
> evaluate whether users can function without being local administrators.
> Another consideration is that you can manage the user right for access this
> computer from the network on your domain computers to allow only specified
> users/groups to access shares on your domain computers in case an
> unauthorized share is created. I suggest that you do not change that user
> right in however for domain controllers. For XP Pro computers the Windows
> Firewall can also be configured to allow file and print sharing only from
> specified IPs such as administrative workstations. Windows Firewall settings
> can be implemented via Group Policy for the domain profile for computers on
> the domain network.
>
> Steve
>
>
> "Varadarajam" <Varadara***@discussions.microsoft.com> wrote in message
> news:F84A17BA-6303-4F1C-A764-1C14C6FA0C3B@microsoft.com...
> > Hi,
> >
> > This is Varadarajam. I need to maintain some security in my network. I
> > will
> > give the details follow.
> >
> > I have 2003 Domain Controllers and 2000 Professionals and XP Professionals
> > as a client systems.
> >
> > What i wanna do is, Sharing and Security tabs should be disappeared in the
> > Client systems even the users are in Local Admins group. Generally for
> > normal
> > users the Sharing tab will be disabled.
> >
> > But if that user is in Local Admin group Sharing tab will be enabled
> > automatically, i want to disable that sharing option from the client
> > systems.
> > so, that the users can't share the folders or files from their systems.
> >
> > I wanna do this through group policy from my 2003 Enterprise Server Domain
> > controller.
> >
> > I searched in the Internet i found only one solution. It didn't work for
> > me.
> > I though that solution is for only 2000 DCs.  This is the link which i
> > found
> > in the Internet.
> >
> > http://www.commodore.ca/windows/remove_sharing_security_tab.htm
> >
> > It didn't work out for me.
> >
> > So, Kindly help me out of this problem.
> >
> > Thanks and Regards
> > Varadarajam.P.V.
> >
>
>
>

"Varadarajam" <Varadara***@discussions.microsoft.com> wrote in message
news:9ADAB56A-4387-4650-BD38-EA71D45DF1BF@microsoft.com...
> Hi Steve
>
> Thanks for your information.
>
> If i remove the user from the Local admin group .Net and IIS is not
> functioning properly.. Actually we wanna remove the users from the Local
> Admin group but these development programs are affecting. Is there any way
> to
> restirct the users without having Local Admin rights.
>
> Thanks and Regards
>
> Varadarajam.
>
> "Steven L Umbach" wrote:
>
>> You can easily enough remove the security tab through Group Policy but
>> not
>> the sharing tab. Also hiding access to such will generally not stop a
>> knowledgeable users from using other methods as trying to limit an
>> administrator will prove futile at least for some users. Keep in mind
>> that
>> local administrators can create local accounts to logon to in order to
>> bypass domain level Group Policy for user configuration. It would be best
>> to
>> evaluate whether users can function without being local administrators.
>> Another consideration is that you can manage the user right for access
>> this
>> computer from the network on your domain computers to allow only
>> specified
>> users/groups to access shares on your domain computers in case an
>> unauthorized share is created. I suggest that you do not change that user
>> right in however for domain controllers. For XP Pro computers the Windows
>> Firewall can also be configured to allow file and print sharing only from
>> specified IPs such as administrative workstations. Windows Firewall
>> settings
>> can be implemented via Group Policy for the domain profile for computers
>> on
>> the domain network.
>>
>> Steve
>>
>>
>> "Varadarajam" <Varadara***@discussions.microsoft.com> wrote in message
>> news:F84A17BA-6303-4F1C-A764-1C14C6FA0C3B@microsoft.com...
>> > Hi,
>> >
>> > This is Varadarajam. I need to maintain some security in my network. I
>> > will
>> > give the details follow.
>> >
>> > I have 2003 Domain Controllers and 2000 Professionals and XP
>> > Professionals
>> > as a client systems.
>> >
>> > What i wanna do is, Sharing and Security tabs should be disappeared in
>> > the
>> > Client systems even the users are in Local Admins group. Generally for
>> > normal
>> > users the Sharing tab will be disabled.
>> >
>> > But if that user is in Local Admin group Sharing tab will be enabled
>> > automatically, i want to disable that sharing option from the client
>> > systems.
>> > so, that the users can't share the folders or files from their systems.
>> >
>> > I wanna do this through group policy from my 2003 Enterprise Server
>> > Domain
>> > controller.
>> >
>> > I searched in the Internet i found only one solution. It didn't work
>> > for
>> > me.
>> > I though that solution is for only 2000 DCs.  This is the link which i
>> > found
>> > in the Internet.
>> >
>> > http://www.commodore.ca/windows/remove_sharing_security_tab.htm
>> >
>> > It didn't work out for me.
>> >
>> > So, Kindly help me out of this problem.
>> >
>> > Thanks and Regards
>> > Varadarajam.P.V.
>> >
>>
>>
>>