Go Back  DVD Talk Forum > General Discussions > Tech Talk
Reload this Page >

is there a way to *hide* local user id's from the network?

Tech Talk Discuss PC Hardware, Software, Internet and Other Technology

is there a way to *hide* local user id's from the network?

Old 02-05-04, 11:24 AM
  #1  
DVD Talk Legend
Thread Starter
 
Join Date: Jul 2000
Location: chokin' you out in less than 30 seconds
Posts: 10,634
Likes: 0
Received 0 Likes on 0 Posts
is there a way to *hide* local user id's from the network?

windows xp, 2k and 2k server.

i'd like to be able to hide the user id's on these operating systems from network browsing. even though all my servers and machines that my group is in direct control of are patched and regularly virus scanned, some machines that are allowed to touch our network may not be. we *still* to this day have infected machines lockout every friggin' local id on the boxes that have shares open.

not having much luck finding a way through google search...but who knows, maybe i'm not searching the right phrases.

thanks.

cranky.
Old 02-05-04, 11:44 AM
  #2  
DVD Talk Hall of Fame
 
Join Date: Jun 1999
Location: PDX Metro
Posts: 8,953
Likes: 0
Received 0 Likes on 0 Posts
Can you go into more detail?

What kind of network is this? What type of security are you using? Have you tried disabling the Computer Browser service?
Old 02-05-04, 12:03 PM
  #3  
DVD Talk Legend
Thread Starter
 
Join Date: Jul 2000
Location: chokin' you out in less than 30 seconds
Posts: 10,634
Likes: 0
Received 0 Likes on 0 Posts
without mentioning company names,

it's a very large network that incorporates an internet firewall, but intranet is secured only by router port blocking (i'm not the network admin - i'm a server farm admin and workstation admin).

occasionaly, a machine infected with one of the worms such as bat.mumu that attempts spreading across network shares will gain access to the local accounts on the servers and workstations and attempt passwords, thusly locking out the account. which is a p.i.a. on the machines running db2.

as a rule, computer browser service is disabled.
Old 02-05-04, 02:44 PM
  #4  
New Member
 
Join Date: Feb 2004
Posts: 14
Likes: 0
Received 0 Likes on 0 Posts
Cranky
I think you might be going about this the wrong way. Have you tried using policies to disable network access to local accounts. In the Group Policy editor in XP you would look in:
Local Comp Policy/Comp Config/Windows Settings/Security Settings/Local Policies/User rights assignments

Basically, create a domain group i.e. AccessServerFamr1 on domain UK. Then apply a policy that only members of UK\AccessServerFarm1 can access that server i.e. Add this domain group to "Access this computer from the network" policy in location shown above.

From the sounds of it, the bug would use a local account, from it's host machine, (admin or whatever) to access the share point of the next PC. If you're using a domain group and add domain users to this group, the local account access will simply be denied to the other PC/Server and depending on settings, only the locally used account of the faulting PC would lock out.

I think this can work since the users would logon using account details that would not be local accounts, but rather domain accounts, and their access would be determined by their domain membership. You've basically got a "2 birds 1 stone" scenario, as you would also now be able to deny/allow users access by simple group removals/additions.

Certainly hope this helps or goes in the right direction for you.

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information

Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.