Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Hide Active Directory from My Network Places 1

Status
Not open for further replies.
Seaspray0

Seaspray0

Technical User
Jan 27, 2003
1,037
US
Active Directory is a great place to find resources (users, printers, etc.) but if you have already made other arrangements to direct users to their resources you are certainly not pleased to see Active Directory boldly displayed in My Network Places for everyone to browse, especially if you consider the information confidential. Other than removing the read rights to Active Directory from users (AD users and computers: view advanced features, right click domain then select properties, securities tab) - which I don't recommend unless you are willing to slug it out fixing read permissions elsewhere in OU's where needed - you can use group policy...
Select the policy you wish to apply it to (domain, site, OU) and go to user configuration, administrative templates, desktop, active directory, Hide active directory folder.

By viewing advanced features in AD, you can then go to the securities tab on the group policy and select deny for "apply group policy" setting for those groups/users you wish to still see active directory (useful if applied at the domain or site level)... or simply apply the policy at the OU level for users in an OU to have it hidden.
 
Just curious, but what confidential information is contained in the AD? and what other means do you use to provide your users access to the data on the servers?
 
Try this... log on with a standard user account, then go to My Network Places, Entire Network, Microsoft Windows Network... there you will see Icons for your domains, and an Icon for Active Directory. Open the active directory icon for yourself and see. It looks familiar because its basically what you see as an administrator when you open the MMC for active directory users and computers. You can browse the OU's, see every username and group, and even pull up properties on users (although not all properties). If you consider this information confidential, then you can remove it with the group policy setting defined above for those who have no right to see it... i.e. vendors, consultants. It doesn't prevent you from accessing shares or finding them through the domain icon. It only prevents you from seeing your Active Directory structure.
 
Ok, thanks. That information isn't considered confidential here because, well, everyone here knows who works here simply by looking at our phone list. :) We don't permit vendors onto our network, and our consultants are trusted with this information (since they helped create it).
 
Status
Not open for further replies.

Similar threads

julis2103
  • Locked
  • Question
Active Directory
Replies
0
Views
231
julis2103
julis2103
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
585
DTGMI
DTGMI
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
943
goombawaho
goombawaho
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
1K
gbaughma
gbaughma
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
1K
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top