Normal can access server through \\servername

Microsoft Windows server 2003 r2 standar...
September 30, 2009 at 03:06:12
Specs: Windows XP
Hi guys,
I come around a strange problem that my all users existing and which i create new can able to access the server through \\servername and can even check the netlogon and other folder. all normal users are member of Domain users group only. so where the problem coming and how i can stop them to not access server through \\servername ?
please help me out?

See More: Normal can access server through \\servername

Report •


#1
September 30, 2009 at 03:14:05
one more thing that in my lan setting i put my router ip address in gateway and the server ip address in dns, is this can create problem or can give access??

Report •

#2
September 30, 2009 at 13:44:23
Two issues. One is the level of the users. They might be way too high or have admin. Other is ntfs permissions on file system of server. Don't use deny unless last resort. RSOP tool may help if complex.

You allow cifs permissions full access but restrict by ntfs permissions. Deny's tend to override any permission.

Could it be that they are supposed to have their profiles on the server or their documents?

Playing to the angels
Les Paul (1915-2009)


Report •

#3
September 30, 2009 at 14:42:23
It is normal that users are able to access the server via \\servername\sharename

They also have rights to read netlogon since that is required for them to logon.

You need to clarify what is the issue. Accessing the server is something you want them to do. So your request to block them via \\servername makes no sense.

Now if they can access \\servername\C$ or Admin$ you have a wrong group assignment or you have granted authenicated users admin access. Both of which are incorrect.

concerning your second question about gateway and dns you have configured these correctly.


Report •

Related Solutions

#4
September 30, 2009 at 18:46:51
From MS 70-293


"Configuring Permissions Using a GPO
One of the most important security measures for a file and print server is protection for the user data stored on the server drives. You create this protection by using the NTFS file system on your drives and by using NTFS permissions to control access to the server drives. You can specify the permissions for your NTFS drives in a GPO by browsing to the File System container in the Group Policy Object Editor console and, from the Action menu, selecting Add File. In the series of dialog boxes that appear, you perform the following tasks:
1. Specify the files or folders for which you want to configure file system permissions.
2. Specify the permissions you want to assign to the selected files or folders.
3. Specify whether you want the permissions to be inherited by subfolders.
By default, all the NTFS drives on a computer running Windows Server 2003, except the system drive, have Full Control permission assigned to the Everyone group. Therefore, it is up to you to design a directory structure and a system of permissions for your drives that gives users only the access they need to the files stored there."

Playing to the angels
Les Paul (1915-2009)


Report •

#5
September 30, 2009 at 20:48:04
"able to access the server through \\servername and can even check the netlogon"

Jefro this is a network access issue not a file permissions issue.

Do you see anything wrong with a domain user being able to see the netlogon folder?


Report •

#6
October 2, 2009 at 13:34:40
Depends on where it is. It should be denied (by default as 2003 is slightly hardened) on root but may be able to see on attached drives.

Playing to the angels
Les Paul (1915-2009)


Report •


Ask Question