How can I stop my server from allowing unauthorized access?
I am trying to sort out a network using Windows Server 2003 and Windows XP Pro. The domain has been set up on the server, and it is possible to log in. But mostly the users don't log into the domain. They log into the local machine with usernames which are NOT known on the server. They get access to files which are held on the server, by using the server's IP address in shortcuts and scripts. It seems to me that security on the server must have been partly disabled, to allow this unauthorized access. Can you suggest the steps I need to take in order to force users to log into the domain?
Setup the security policies from the security policy settings in 2003 server. Create group security policies and enforce the same on the users in your AD.
The other important thing you need to do is disable automatic generation of 8.3 File Names. Use of 8.3 file naming (a legacy mechanism from the FAT file system) can permit users to get to files and folders without authorization. Using a Registry editor such as regedt32 (by going Start -> Run and entering regedt32), add a value, NtfsDisable8dot3NameCreation, to the following Registry key:
Assign a numerical value of 1 and a type of REG_DWORD. Refer to the AD manual for setting up the Group Policy in AD.
This was first published in April 2006