Removing Sharing & Security tabs from the Group Policy




This is Varadarajam. I need to maintain some security in my network. I will
give the details follow.

I have 2003 Domain Controllers and 2000 Professionals and XP Professionals
as a client systems.

What i wanna do is, Sharing and Security tabs should be disappeared in the
Client systems even the users are in Local Admins group. Generally for normal
users the Sharing tab will be disabled.

But if that user is in Local Admin group Sharing tab will be enabled
automatically, i want to disable that sharing option from the client systems.
so, that the users can't share the folders or files from their systems.

I wanna do this through group policy from my 2003 Enterprise Server Domain

I searched in the Internet i found only one solution. It didn't work for me.
I though that solution is for only 2000 DCs. This is the link which i found
in the Internet.

It didn't work out for me.

So, Kindly help me out of this problem.

Thanks and Regards

Steven L Umbach

You can easily enough remove the security tab through Group Policy but not
the sharing tab. Also hiding access to such will generally not stop a
knowledgeable users from using other methods as trying to limit an
administrator will prove futile at least for some users. Keep in mind that
local administrators can create local accounts to logon to in order to
bypass domain level Group Policy for user configuration. It would be best to
evaluate whether users can function without being local administrators.
Another consideration is that you can manage the user right for access this
computer from the network on your domain computers to allow only specified
users/groups to access shares on your domain computers in case an
unauthorized share is created. I suggest that you do not change that user
right in however for domain controllers. For XP Pro computers the Windows
Firewall can also be configured to allow file and print sharing only from
specified IPs such as administrative workstations. Windows Firewall settings
can be implemented via Group Policy for the domain profile for computers on
the domain network.



Hi Steve

Thanks for your information.

If i remove the user from the Local admin group .Net and IIS is not
functioning properly.. Actually we wanna remove the users from the Local
Admin group but these development programs are affecting. Is there any way to
restirct the users without having Local Admin rights.

Thanks and Regards


Steven L Umbach

It is fairly easy to restrict users that are not local administrators or
power users. Exactly what did you want to do? If it is to hide the security
tab for XP Pro computers use Group Policy under user
configuration/administrative templates/Windows components/Windows explorer -
hide security tab which you want to set to disabled which will also work for
local administrators though if they are skilled they can find work around
including logging on as a local user account.


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question