Ask the Expert

How can I stop my server from allowing unauthorized access?

I am trying to sort out a network using Windows Server 2003 and Windows XP Pro. The domain has been set up on the server, and it is possible to log in. But mostly the users don't log into the domain. They log into the local machine with usernames which are NOT known on the server. They get access to files which are held on the server, by using the server's IP address in shortcuts and scripts. It seems to me that security on the server must have been partly disabled, to allow this unauthorized access. Can you suggest the steps I need to take in order to force users to log into the domain?

    Requires Free Membership to View

Setup the security policies from the security policy settings in 2003 server. Create group security policies and enforce the same on the users in your AD.

The other important thing you need to do is disable automatic generation of 8.3 File Names. Use of 8.3 file naming (a legacy mechanism from the FAT file system) can permit users to get to files and folders without authorization. Using a Registry editor such as regedt32 (by going Start -> Run and entering regedt32), add a value, NtfsDisable8dot3NameCreation, to the following Registry key:

HKEY_LOCAL_MACHINESystem|CurrentControlSetControlFileSystem

Assign a numerical value of 1 and a type of REG_DWORD. Refer to the AD manual for setting up the Group Policy in AD.

This was first published in April 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: