Disable Network Browsing

Tbird1k

Member
Mar 15, 2001
87
0
0
We have two public access computers we will be adding to our orginization.

We need to disable network browsing on these two computers so they can't access anything on the internal network. We need to have it so they can't see anything at all.

The two computers will be running Windows XP Home and in just a Workgroup environment.

Does any one know way to easily do this under XP Home?

Thanks for any help you may have :)
 

Fardringle

Diamond Member
Oct 23, 2000
9,200
765
126
I'm not 100% certain this works with Windows XP, but it works in Windows 2000 and I would assume that it still works in Windows XP. The network I work on still has primarily Win2K workstations so I don't really have a WinXP station to test it with.


Shutting off NetBT greatly reduces the network's browsing functionality because the Computer Browser?the service manifested in Network Neighborhood, My Network Places, and the Net View command?sits atop NetBIOS.

To disable NetBT manually, right-click My Network Places and choose Properties to display the computer's TCP/IP properties. (You can use DHCP to disable NetBT on a system, but that process requires a fairly lengthy explanation, and this way is much easier if you only need to configure a few computers.) In the Network and Dial-up Connections window, you'll see an object for each network card on your system. Right-click the network card for which you want to disable NetBT, then choose Properties. On the Properties page, double-click the Internet Protocol (TCP/IP) object, then click Advanced on the Internet Protocol (TCP/IP) Properties page. Click the WINS tab, then click the Disable NetBIOS over TCP/IP radio button. Clear the Enable LMHOSTS lookup check box, then click OK until you've closed the pages. To verify that you've killed NetBT, you can type

If a user happens to know the name of the other computers on the network, they can use the Net View command to list its shares without NetBT's help using a command like this one:
net view bigserver.acme.com
to list its shares. But that's the only way anyone would be able to browse any resources on the local network.


edit: One additional bit of info to add to those instructions...

After you disable NetBT, you can shut down the Computer Browser service to recover some memory and simplify your system's software. The Computer Browser service will eventually stop itself if it is not able to locate the NetBT service if you don't stop it manually
 

vi edit

Elite Member
Super Moderator
Oct 28, 1999
62,484
8,344
126
I've got to missing something here.

What *SHOULD* they have access to? Internet? Printers? Nothing?

If they are just stand alone PC's I'd just unplug the network cable. :p
 

Fardringle

Diamond Member
Oct 23, 2000
9,200
765
126
The original poster said that they are public access machines. This tells me they should have Internet access but nothing else. The instructions I posted should work for that configuration. If I misunderstood the request, then of course pretend I didn't reply... ;)
 

vi edit

Elite Member
Super Moderator
Oct 28, 1999
62,484
8,344
126
If he's using a firewall that has a configurable DMZ port, I'd just slap them on that :)