Even users with RESTRICTED USER rights on their Windows 2000 or XP machines can create shares on their PC. This is obviously a very bad idea for the vast majority of companies. Microsoft has Knowledge Base article 300153 which explains how to remove the SECURITY tab (which can be accomplished via Group Policy if you wish) however, if there is nothing on how to remove the SHARING tab. Microsoft’s “Woody G” was good enough to dig up a solution.
What you see below is a modified version of 300153. It is offered without guarantee and as always you should make sure you have good backups. It did however work very well for me 🙂
To disable the Security tab from Windows 2000 Professional-based workstations that are members of a Windows 2000 domain:
- Start Active Directory Users and Computers.
- Right-click the domain, and then click Properties.
- Click the Group Policy tab on the domain properties dialog box to view the default domain policy.
- Click New. New Group Policy Object should appear in the list of objects. Rename this Policy to Remove Security Tab. Make sure this policy is positioned directly under the default domain policy.
- Click Remove Security Tab, and then click Edit to start the Group Policy Editor.
- Expand Computer Configuration, Windows Settings, Security Settings, and then click Registry.
- Right-click in the left pane, and then click Add Key.
- Paste the following key in the text box, and then click OK:
CLASSES_ROOT\CLSID\{1F2E5C40-9550-11CE-99D2-00AA006E086C} Note that there may be a delay before you can proceed to the next step, and this is normal.
- The Database Security Editor appears. You need to add the user or group that you want the Security tab to be removed from.
- Change the permission on this key for the users and/or groups that you added in the previous step to “Deny Read.” This prevents the user from being able to instantiate the needed components to display the Security and Sharing tabs. Click OK twice to complete the settings and exit the Group Policy Editor.
- Click New. New Group Policy Object should appear in the list of objects. Rename this Policy to Remove Sharing Tab. Make sure this policy is positioned directly under the default domain policy.
- Click Remove Security Tab, and then click Edit to start the Group Policy Editor.
- Expand Computer Configuration, Windows Settings, Security Settings, and then click Registry.
- Right-click in the left pane, and then click Add Key.
- Paste the following key in the text box, and then click OK:
CLASSES_ROOT\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6} Note that there may be a delay before you can proceed to the next step, and this is normal.
- The Database Security Editor appears. You need to add the user or group that you want the Security tab to be removed from.
- Change the permission on this key for the users and/or groups that you added in the previous step to “Deny Read.” This prevents the user from being able to instantiate the needed components to display the Security and Sharing tabs. Click OK twice to complete the settings and exit the Group Policy Editor.
0 Comments