Sherwood Botsford
2007-Jan-24 22:55 UTC
[Samba] Winbind set to only serve certain addresses?
After a bad week of internet worms, I want to setup my clients so they can't see eachother at all. Clients talk to servers. Full stop. Now part of this is easy. If I use the correct option in my dhcpd.conf file I tell the clients to use WINS mode 2 (use a server) give them a server address, and it puts a stop to all that broadcasting. What I would like to do next is to keep clients records from being visible to other clients. Part of this is to turn off "File and printer sharing" on the clients. What else do I need to do? (Or is this one of those cans of worms that breaks too many thing.s)
At 04:48 PM 1/24/2007, Sherwood Botsford wrote:>After a bad week of internet worms, I want to setup my clients so >they can't see eachother at all. Clients talk to servers. Full stop. > >Now part of this is easy. If I use the correct option in >my dhcpd.conf file I tell the clients to use WINS mode 2 (use a >server) give them a server address, and it puts a stop to all that >broadcasting. > >What I would like to do next is to keep clients records from being >visible to other clients. Part of this is to turn off "File and >printer sharing" on the clients. > >What else do I need to do? (Or is this one of those cans of worms >that breaks too many thing.s) >If you set your server up to serve logon scripts (per user) and also serve system policies to the win clients you can have the logon script map chosen shares as mapped drives per user at logon and can also use the policy file to have the chosen client machines to not display "My Network Places" that should do it. I have that set up here and it seems to accomplish what you are after. Cary Robinson IT Manager Top Solutions Inc. Office: 512-864-2750 Fax: 512-864-2751 Cell: 512-844-5551