Jump to content

users have access to administrative shares

ceez

By ceez
in Windows 2000/2003/NT4

 Share

Recommended Posts

ceez

ceez

Posted
Posted

hello fellow-msfners...

In our domain we have noticed that users can connect to other pc's via unc , ie: patch \\pcname\c$.

Can this be disabled via group policy to prevent users from accessing computers this way?

The users are part of the domain users group BUT in the workstations they are part of the administrators group because autocad requires that the users be memebers of it. Does that have anything to do with it?

thanks guys,

ceez

:thumbup

Link to comment
Share on other sites

nmX.Memnoch

nmX.Memnoch

Posted
Posted (edited)
Can this be disabled via group policy to prevent users from accessing computers this way?
Yes you can disable the default admin shares via GPO, but you take a chance on breaking other things like SMS.
in the workstations they are part of the administrators group
That gives them full admin rights to the PCs...which is why they can connect to the admin shares.
because autocad requires that the users be memebers of it
*sigh*

It probably doesn't. Lazy programmers have a tendancy to write their applications incorrectly so that by default only admins can use them properly. And then when someone asks why a regular user can't run the applicaiton they just give the default "it requires admin privs to work" answer.

What you need to figure out is what areas of the workstation that AutoCAD requires write access to, then give regular users write access into those areas. Once you do that you can probably remove the admin privs.

For example, if for some unknown reason AutoCAD needed write access to C:\Program Files\AutoCAD\ then you would give users write access to that directory. It's a little more research and work on your part, but it can (and will) save you a lot of headaches later on.

Edited by nmX.Memnoch
Link to comment
Share on other sites
ceez

ceez

Posted
  • Author
Posted

mmx, thanks for your answer and explanation. Yeah, lazy coding by the autocad folks i guess...If I feel up to it i'll try to tackle the 'which folders cad needs access to' option.

thanks again!

ceez

:thumbup

Link to comment
Share on other sites
cluberti

cluberti

Posted
Posted

I helped a nonprofit with AutoCad a little while ago during a Vista migration - seems the app needs to WRITE to the program files directory. A quick Process Monitor log of the application running through it's paces, or, if you want, use LUA BugLight, should show you the way. I personally prefer the LUA BugLight tool nowadays, but procmon will get you there too.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...