microsoft.public.windowsxp.security_admin

Anteaus wrote:
> A slightly lateral approach, if you turn off the Computer Browser and
> Server services on desktops, that will stop users from creating or
> finding unauthorised shared resources. It will also improve your
> security somewhat.

Hmmm - no....if you want security, you use NTFS permissions to lock things
down. You can also use hidden shares. Browsing is not a security issue - if
you want to see shares on a server, \\server will show them to you. And if
you turn off the Server service you cannot as an admin remotely manage a PC.

I do generally turn off the Computer Browser on workstations - this works if
you use WINS. But that isn't for reasons of security -it's performance &
browser election issues.
>
> As such it won't stop someone connecting an unauthorised computer,
> but it will to some extent mitigate the security risks which that
> poses.

How so?
>
> You can (obviously) only do this if all of your resources are
> centrally hosted, it would not be suitable if you (for example) rely
> on peer-shared printers.

The server service, yes. Computer Browser, no....you can connect to
\\workstation\printer regardless.
>
>
> "Bill Board" wrote:
>
>> Recently a new workgroup/domain appeared in our "Network
>> Neighborhood > Microsoft Windows Network" We are running Windows
>> 2003 Server with Windows XP Pro workstations in our network.