none
Share Access - Limited

    Question

  • Hi,

    We have Active Directory Server and we have many administrator users and they are accessing client computers using UNC path (for ex. \\192.168.100.2\c$), following is requirement -

    Administrator users or normal users should access to shared folders only, if Administrator users or normal users are trying to access any machines using \\192.168.100.2\c$ then it should prompt access denied message for all users.

    Please let me know how can we do this and if possible then same can be configured using group policy?

    Your reply is highly appreciated.

    Regards,

    Arjun


    Arjun V.

    Tuesday, August 02, 2016 6:39 AM

Answers

  • > Templates\Start Menu and Taskbar\ Remove Run menu from Start Menu. If
    > the above setting is enabled, the user will be blocked from entering a
    > UNC path.
     
    ...in explorer, yes. But not in internet explorer/firefox/chrome, and
    not on the command line.
     
    What the TO wants is "Security Settings/User Rights assignment": Deny
    access to this computer from the network.
     
    Tuesday, August 02, 2016 9:24 AM

All replies

  • Hi Arjun,
    Please have a try to enable policy: User Configuration\Administrative Templates\Start Menu and Taskbar\ Remove Run menu from Start Menu. If the above setting is enabled, the user will be blocked from entering a UNC path. The NoRun policy removes the ability to launch commands or processes from the Start menu by removing the "Run" option, but also removes the ability to enter direct (UNC) paths in the address bar of the Windows Explorer.

    Since it's a user policy, it doesn't apply to computers, only to users.  Normally, a user policy follows a user around to whatever computer they log into, but you want this policy to not follow the user to those particular computers which are hosting shared folders, in this case, you need to use Loopback policy mode. This policy directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this policy. It is intended for special-use computers. Please see details from:
    User Group Policy loopback processing mode
    https://technet.microsoft.com/en-us/library/cc978513.aspx
    Windows Server: Understand “User Group Policy Loopback Processing Mode”
    https://social.technet.microsoft.com/wiki/contents/articles/2548.windows-server-understand-user-group-policy-loopback-processing-mode.aspx
    Regards,
    Wendy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Tuesday, August 02, 2016 8:39 AM
    Moderator
  • > Templates\Start Menu and Taskbar\ Remove Run menu from Start Menu. If
    > the above setting is enabled, the user will be blocked from entering a
    > UNC path.
     
    ...in explorer, yes. But not in internet explorer/firefox/chrome, and
    not on the command line.
     
    What the TO wants is "Security Settings/User Rights assignment": Deny
    access to this computer from the network.
     
    Tuesday, August 02, 2016 9:24 AM