none
windows server 2012 r2 ad gpo how to disable folder sharing under file explorer

    Question

  • Hello

    We publish applications thru RDS on a windows server 2012 r2. We also publish the file explorer with limited access to files and explorer options. We use a GPO to define these options. Clients are accessing thru RDWEB.

    One option we want to disable is the file sharing tab on our published file Explorer . Not that our users can do any real sharing because the security won't let them, but they still have the possibility to try sharing and during this process they are offered the search facility that let them search and discover AD users. This is what we want to avoid. 

    Does anyone know how to disable the Share tab?

    thanks

    Thursday, March 31, 2016 1:13 PM

All replies

  • Hi Inff,

    To achieve your goal, you could enable Prevent users from sharing files within their profile in GPO.

    The path of Prevent users from sharing files within their profile:

    User Configuration\Administrative Templates\Windows Components\Network Sharing

    For more information, you could refer to the article below.

    Network and Sharing Center Group Policy Settings

    https://technet.microsoft.com/en-us/library/cc731655%28v=ws.10%29.aspx

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 01, 2016 8:18 AM
    Moderator
  • Hi Jay, 

    Thanks for your reply.

    Actually we already have this Prevent users from sharing files within their profile  flag enabled. Indeed it looks like the most obvious one to activate for that matter.

    But unfortunately if it does prevent the user to use the Share tab for files it does not for folders. I don't see any options for folders. I suppose if we could get rid of the share tab, that would do the trick.

    Any idea how to ?

    thanks

    Friday, April 01, 2016 9:54 AM
  • Hi Inff,

    The policy could disable user to share files and folders within their profile to other users on the network.

    But it does not work for these users which with administrative rights.

    In addition, I found a way that delete the registry below after backup to remove the share tab.

    HKEY_CLASSES_ROOT\CLSID\{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 04, 2016 10:38 AM
    Moderator
  • Hi Jay,

    Thanks for .. sharing.

    Our domain users do not have administrative rights and as i said they can't share folders or files. What is annoying is that they can try sharing and in this process they see part of the Active Directory objects.

    I have tried removing the registry you mention on my application server but i get a message saying it's impossible to remove, same when trying to modify it. I am connected with the administrator account and launch regedit from a cmd ran as an administrator.

    Any ideas why i can't remove this registry welcome.

    thanks

    Monday, April 04, 2016 2:11 PM
  • Hi Inff,

    You could take the ownership of this key, follow these steps:

    1. Right-click the key - Permissions - Advanced

    2. Owner Tab, Click your user name and check the box "Replace owner on subcontainers and objects", Apply - OK.

    3. Click Administrators under Group or user name, check Allow Full Control. Then Apply - OK.

    Then delete it.

    For more information, you could refer to the article below.

    https://social.technet.microsoft.com/Forums/windows/en-US/9a87b20f-15a4-4eff-b678-f228166f6d0a/how-to-disable-advanced-file-sharing-in-windows-7?forum=w7itprosecurity

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 06, 2016 5:41 AM
    Moderator
  • Hi Jay

    No luck with this. On our RDS architecture we have deleted the registry you mentionned on the RDS Host session server that is hosting the folder we publish.

    rebooted all the servers, connected with new clients profile.

    But we still see the share tab.

    thanks

    Wednesday, April 06, 2016 8:04 AM
  • Hi Inff,

    I have tested on multiple machines. And it works.

    Would you tell us how do you “connect with a new client profile”?

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, April 07, 2016 2:15 AM
    Moderator
  • Hi Jay

    What i meant by “connect with a new client profile”: i used a new authorized logon id with my RDWEB connection to make sure existing profiles stored on my host session server were not part of the issue

    Please check the image below, the published File
    Explorer is in French but you can see the 4 tabs on theand Display).
    The Share tab is the one i'm talking about

    Unfortunately, it looks like i can't upload images. I have posted a Verify My Acccount request six hours ago in order to be able to upload images but i still can't. Will try again tomorrow.

    Thanks

    Thursday, April 07, 2016 2:49 PM
  • Hi Inff,

    4 tabs?

    In general, there are 5 tabs.

    Due to there is no image, would you tell us what are the 4 tabs?

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 08, 2016 2:38 AM
    Moderator
  • Still no luck with load images.

    The 4 tabs are File, Home, Share, Display

    thanks

    Friday, April 08, 2016 7:20 AM
  • Check this:

    https://support.microsoft.com/en-us/kb/303153


    Kind regards,

    Tim
    MCITP, MCTS, MCSA
    http://directoryadmin.blogspot.com

    This posting is provided 'AS IS' with no warranties or guarantees and confers no rights.

    "If this thread answered your question, please click on "Mark as Answer"

    Saturday, April 09, 2016 6:03 AM
  • Hi Tim

    We've tried this old Windows 2000 trick but no luck, it does not let us get rid of the share tab.

    thanks

    Monday, April 11, 2016 9:28 AM
  • Looks like i'm able to add pictures by now. So here we ago, above you can see the 4 tabs. The 3rd one is the Share Tab.

    And below is what we want to avoid:

    • Edited by inff Monday, April 11, 2016 9:33 AM
    Monday, April 11, 2016 9:28 AM
  • hi topicstarter

    Suggestion: look at the permissions of the folders and remove the 'change permission' for the users instead of trying to fix this with a group policy.

    Tuesday, April 11, 2017 10:28 AM
  • [HKEY_CLASSES_ROOT\CLSID\{49F371E1-8C5C-4D9C-9A3B-54A6827F513C}\InProcServer32]
    @=""

    Take ownership of this key and empty it out. Tested it works. But it removes ability to share for everyone. Not user specific. Admins will be affected as well.

    Wednesday, January 03, 2018 9:18 PM