Access to network drives (on server) without sharing them?

[Fat Bastard]

With win2k server, when users are logged into a domain, is it possible to allow access to folders without sharing either the drive or the folder itself? I tried and it doesnt' seem possible, but I don't know.

[Datagram]

Originally posted by Fat Bastard
With win2k server, when users are logged into a domain, is it possible to allow access to folders without sharing either the drive or the folder itself? I tried and it doesnt' seem possible, but I don't know.

What exactly are you trying to accomplish? You can access administrative shares($) if the user had admin rights, such as Enterprise admin, domain admin, ect...but other than that I don't think its possible...i could be wrong though...............

[Fat Bastard]

I'm just trying to maximise security. I was told that it's better not to enable sharing, and I was looking at this domain controller pc and couldn't make it work like that. No, the users would just be users or power users.

[Loser-P]

There’s nothing wrong with sharing folders as long as you don’t bind file and printer sharing to any network adapters that are used to connect to the internet.

Also Windows 2000 gives you quite a bit of control over who can access shared folders and what they can do with those files, it’s just a little confusing when you’re first learning how all the permissions work.

[Fat Bastard]

I know there's nothing wrong with it, but if there is a more secure method, I would like to go with it. Thanks for the replies.

[SkyDog]

You've gotta compromise between usability and security. At one end of the spectrum, the most usable server for your end users is the one with everything shared. At the other end of the spectrum, the most secure server is the one with nothing shared, in which case it might as well not be plugged into the network! The trick is to create only the shares you need, and to set the permissions on them appropriately. That way, the server's doing its job by being accessible, while you minimize (not eliminate) your security risks.

As for the warning to disable file and print sharing for security: The warning is normally in reference to computers connected directly to the Internet (with no router or firewall). If a computer is connected directly to their ISP and has file & print sharing enabled, then whatever shares exist are visible from the Internet, meaning that anyone in the world can access your shared files, folders, & printers if they can get by your username/password security. If you've got a router that blocks ports 137, 138, and 139 (and just about all of 'em do by default), then your shares aren't visible to the Internet, so there's no security problem.