none
Hiding server shares RRS feed

  • Question

  • Greetings,

    I have two issues:

    1. While trying to find ways to hide server shares on Windows Server 2012 R2 and above, I was introduced to Access Based Enumeration, however, since it didn't work as intended, and after doing more research it seems that ABE does not hide the UNC shares.  It only hides folders in the share that users don't have NTFS permissions to.

    Without having to use the dollar sign at the end of every folder is there a way to hide the actual shares from the network so that only the users that need access to them can see them, if they type a unc server name looking for open shares?

    i.e. if a user types \\FILESERVER\ we don't want any shares they have access to, to show up in the list in File Explorer (or any app).

    2. Login scripts map users to shared folders on servers.  In File Explorer it shows them the full UNC path to the share, then the mapped drive letter in parentheses:

    ex. DeptShare (\\FILESERVER\) (S:)

    Is there a way to hide the folder and/or the server name so they only see the mapped letter?

    In this example we simply want them to see S, like they see C.

    We assume DeptShare is being shown as the volume name so technically we would be ok with keeping that if we could get rid of the UNC path that is shown in parentheses.


    Alert from Microsoft Forum

    Saturday, May 25, 2019 1:08 PM

Answers

  • Might need to qualify, something like;

    cscript C:\somepath\rename_mapped_drive.vbs "\\Server\SomeShareName" "X" "MyNewName"

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Marked as answer by DarkAngel11 Wednesday, May 29, 2019 3:08 PM
    • Unmarked as answer by DarkAngel11 Wednesday, May 29, 2019 3:08 PM
    • Marked as answer by DarkAngel11 Wednesday, May 29, 2019 3:12 PM
    Wednesday, May 29, 2019 3:01 PM

All replies

  • 2. Login scripts map users to shared folders on servers.  In File Explorer it shows them the full UNC path to the share, then the mapped drive letter in parentheses:

    ex. DeptShare (\\FILESERVER\) (S:)

    Is there a way to hide the folder and/or the server name so they only see the mapped letter?

    That should be the volume label In your logon script you could set the Label to something else.

    https://gallery.technet.microsoft.com/scriptcenter/7dd02dca-d177-478b-9a20-d0210413ab2d

     

    (please don't forget to mark helpful replies as answer)

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.



    Saturday, May 25, 2019 8:24 PM
  • Hey, thanks for replying.

    The URL leads to a multi-line VB Script.

    Am I supposed to replace a simple one line NET USE with that whole script?

    Also, if this is the answer, should I mark this as the answer?

    Won't that stop others from answering my first question?


    Alert from Microsoft Forum

    Tuesday, May 28, 2019 1:17 AM
  • To maintain better forums clarity its recommended to ask each question in a separate thread.

    As to changing the volume Label you could also use a cmd.exe one liner. Some examples here.

    https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/label

     

    (please don't forget to mark helpful replies as answer)

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.




    Tuesday, May 28, 2019 1:24 AM
  • That doesn't work.

    I tried it, even after I researched the command, that it only works on the volume label of a physical disk.


    Alert from Microsoft Forum

    Tuesday, May 28, 2019 2:35 AM
  • Give this one a try.

    https://gist.github.com/mwinandy/5224966

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, May 28, 2019 2:40 AM
  • Where am I putting the drive letter and share path in the VB script?

    I'm not familiar with this code.


    Alert from Microsoft Forum

    Wednesday, May 29, 2019 12:59 PM
  • Looks like you would pass in three arguments

    rename_mapped_drive.vbs "\\Server\SomeShareName" "X" "MyNewName"

    strRemotePath strDriveLetter strNewName

     

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, May 29, 2019 1:14 PM
  • I'm confused.

    So you're saying (and I'm guessing here), 

    that I'm putting the statement:

    rename_mapped_drive.vbs "\\Server\SomeShareName" "X" "MyNewName"

    inside of my netlogon script and simply replacing the three parts you have in quotes?

    If that's correct, what am I putting with this:

    strRemotePath strDriveLetter strNewName


    Alert from Microsoft Forum

    Wednesday, May 29, 2019 1:21 PM
  • If that's correct, what am I putting with this:

    strRemotePath strDriveLetter strNewName

    Those are the script local variables, nothing to worry about.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, May 29, 2019 1:23 PM
  • My apologies, but you didn't actually say if I was right or wrong, so I'm still in the same place.

    Saying "script local variables" to me means in the VBS or the NETLOGON script so its still not clear.

    I honestly do not know where exactly to put the body of code itself.

    Am I saving it as a file in the NETLOGON folder, or putting it all inside the NETLOGON BAT file as a function?


    Alert from Microsoft Forum

    Wednesday, May 29, 2019 1:49 PM
  • In the example the code goes inside a file named rename_mapped_drive.vbs (you could name it anything as long as it has a VBS extension)

    I'm putting the statement:

    rename_mapped_drive.vbs "\\Server\SomeShareName" "X" "MyNewName"

    sorry, yes this was correct.

    strRemotePath strDriveLetter strNewName are local variables to the vbscript itself so nothing to do here.

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, May 29, 2019 1:55 PM
  • I added the vbs file to the folder.

    I ran the BAT file with the statement in it (by double clicking it), but the share came up as usual.

    I then disconnected the drive to retry running the BAT from a command prompt to see if I get any errors, and I got:

    'rename_mapped_drive.vbs' is not recognized as an internal or external command,
    operable program or batch file.

    I kept the original name for testing purposes


    Alert from Microsoft Forum

    Wednesday, May 29, 2019 2:23 PM
  • Might need to qualify, something like;

    cscript C:\somepath\rename_mapped_drive.vbs "\\Server\SomeShareName" "X" "MyNewName"

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Marked as answer by DarkAngel11 Wednesday, May 29, 2019 3:08 PM
    • Unmarked as answer by DarkAngel11 Wednesday, May 29, 2019 3:08 PM
    • Marked as answer by DarkAngel11 Wednesday, May 29, 2019 3:12 PM
    Wednesday, May 29, 2019 3:01 PM
  • That made sense.

    I tried that, and then received a VB popup error about the drive letter already existing.

    I had kept the NET USE statement thinking the VBS was going to rename the existing volume share name.

    I removed the NET USE statement and retried, and it worked.

    I retried it with multiple statements to create multiple shares in one BAT, and that worked as well.

    Thank you very much


    Alert from Microsoft Forum

    Wednesday, May 29, 2019 3:12 PM
  • Glad to hear of success, you're welcome.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, May 29, 2019 3:14 PM