
Active directory tab viewable from users sessions


  • Active directory tab viewable from users sessions

    I have created a locked-down GPO on a 2003 DC for a 2008 server with the TS role that a number of users will be logging onto.

    On testing it out for vulnerabilities, I notice that if I click on "my computer", then in the explorer bar on the left hand side click "network", it brings up a screen similar to this:

    http://keithelder.net/blog/images/keithelder_net/blog/WindowsLiveWriter/WindowsServer2008asaWorkstationandUPnPNe_13AB5/image_2.png

    Except on the screen I have there is a "search active directory" tab in between the "views" & "network & sharing" tabs.

    The users can't see any discoverable computer when they click on "network" & clicking on "network & sharing" gives them a restriction warning, which is ok, but they can click on this "active directory" tab & search. They can't modify anything, but they can still have a good look around it, which I don't want.

    How can I remove or restrict access to this active directory tab? I gather if I had a 2008 DC, then I would probably have extra features to lock this area down, but 2003 isn't aware of those features so can't affect them.

  • #2
    Re: Active directory tab viewable from users sessions

    Originally posted by mobius2011
    I have created a locked-down GPO on a 2003 DC for a 2008 server with the TS role that a number of users will be logging onto.

    On testing it out for vulnerabilities, I notice that if I click on "my computer", then in the explorer bar on the left hand side click "network", it brings up a screen similar to this:

    http://keithelder.net/blog/images/keithelder_net/blog/WindowsLiveWriter/WindowsServer2008asaWorkstationandUPnPNe_13AB5/image_2.png

    Except on the screen I have there is a "search active directory" tab in between the "views" & "network & sharing" tabs.

    The users can't see any discoverable computer when they click on "network" & clicking on "network & sharing" gives them a restriction warning, which is ok, but they can click on this "active directory" tab & search. They can't modify anything, but they can still have a good look around it, which I don't want.

    How can I remove or restrict access to this active directory tab? I gather if I had a 2008 DC, then I would probably have extra features to lock this area down, but 2003 isn't aware of those features so can't affect them.
    I read the other day on another thread that if you install the RSAT tools on a Windows 2008 server or Vista SP1 client, it allows you to set additional policies on the Windows 2003 domain. Worth a try. It did mention 'preferences' being available as one of them.

    If you install the GPMC, it should give you the additional options.



    • #3
      Re: Active directory tab viewable from users sessions

      that if you install the RSAT tools on a Windows 2008 server or Vista SP1 client, it allows you to set additional policies on the Windows 2003 domain.
      Ok, I thought they were more for remote management, but hey, anything is worth a try. Thanks.



      • #4
        Re: Active directory tab viewable from users sessions

        Originally posted by mobius2011
        Ok, I thought they were more for remote management, but hey, anything is worth a try. Thanks.
        They are. I may be wrong regarding GPMC being part of it, but either way, install GPMC on a Vista SP1 or Windows 2008 server and see what Group Policy items you have available. GPMC will then remote in to an AD.
