Disabling Windows File Sharing?

wiredspider

Does anyone know how it would be possible to shut off Windows File Sharing on my network? Would I just block certain ports on my switch/server/router? Or does something else need to be done? Keep in mind that I want to block the entire network from using Windows File Sharing because it is slow and eats bandwidth... and it's not really ideal for me to go on every machine to turn it off because the user with enough skill could easily turn it back on. Thanks!
 

Kelemvor

SMS push to uninstall File and Printer Sharing? Or a login script to do it or something like that? Then lock out that part of Network Properties so they can't reinstall it.
 

ktwebb

Well, I'll throw another dart since you gave absolutely no information about your network.

GPO to remove File and printer sharing exception on XP SP2 firewall.

You should be able to disable F&P itself, via NIC properties via GPO however you'd remove network printing in the process.
 

wiredspider

Ideally, I don't do anything to the client machines because I still want them to still be able to use Windows File and Print Sharing when they go home or whatever, but while they are connected to a network that I manage, I don't want them to use it and tie up the bandwidth. Any solutions?
 

Codewiz

Are your computers using a domain? If so then I think you are SOL. I believe you need to block port 135 and port 139 on your network. However, if you do that then no computer will be able to login to the domain.
 

err

Do you have AD with GPO applied? This would be easiest if those wkstations are joined to your domain. However you still can't block filesharing between computers that are not joined to your domain.

What kind of switch / router are you running?

Network topology? Are you running one big subnet ? It would be hard to block traffic on workstations that are on the same subnet.....

this is a challenge ... :)

 

stash

Keep in mind that I want to block the entire network from using Windows File Sharing because it is slow and eats bandwidth

How is that? What are you going to use instead?

and it's not really ideal for me to go on every machine to turn it off because the user with enough skill could easily turn it back on.

That wouldn't be much of a problem if the users weren't admins.
 

wiredspider

Alternative software has been arranged for the user's use if they do wish to transfer files on the network... Windows File Sharing just doesn't use bandwidth resources well...

There really is no domain being run, so GP and login scripts are out. Basically this is a big lan where anyone can connect. The switches that will be used will most likely be managed 24 port switches, still deciding on which one specifically.
I think the solution I might be looking for is just to not allow users from being able to view other computers on the network via "browsing". Something should be possible, just don't know what needs to be done.
 

imported_JFG

Originally posted by: ktwebb
Well, I'll throw another dart since you gave absolutely no information about your network.

GPO to remove File and printer sharing exception on XP SP2 firewall.

You should be able to disable F&P itself, via NIC properties via GPO however you'd remove network printing in the process.


what he said
 

networkman

A+, NET+, MCSA, MCSE

You're asking this kind of question with those credentials? Gimme a break! :disgust:
 

randal

You could get a decent managed switch and throw some ACLs on there that would deny 135-139 & 445 to every IP except for the printer. That would guarantee access to the shared network printers while disabling file sharing between desktops -- with the added bonus of having no file sharing of any type, even for unknown computers on your network.

That's from a network point of view, though. Using AD + GPO would work as well, but does not cover the `unknown computer` part.
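
The ACL suggested in the post above, modeled as an added example (not code from the thread or from any switch vendor): a first-match rule list that permits ports 135-139 and 445 to the printer, denies them everywhere else, and passes all other traffic. The printer address, the rule layout and the sample flows are constructed assumptions.

```python
"""First-match ACL model for the switch filtering described in the thread.
Constructed example: addresses and rule layout are assumptions."""
from ipaddress import ip_address, ip_network

PRINTER = ip_network("192.168.1.50/32")   # assumed printer address
ANY = ip_network("0.0.0.0/0")
# Windows file sharing ports named in the thread: 135-139 and 445.
SHARE_PORTS = [(135, 139), (445, 445)]

def build_acl():
    """Ordered rules: (action, protocol, destination, (low_port, high_port))."""
    acl = []
    for proto in ("tcp", "udp"):
        for rng in SHARE_PORTS:
            # The printer exception must come before the matching deny.
            acl.append(("permit", proto, PRINTER, rng))
    for proto in ("tcp", "udp"):
        for rng in SHARE_PORTS:
            acl.append(("deny", proto, ANY, rng))
    acl.append(("permit", "ip", ANY, (0, 65535)))  # everything else passes
    return acl

def evaluate(acl, proto, dst, dport):
    """Return the action of the first rule matching the packet."""
    for action, r_proto, r_dst, (lo, hi) in acl:
        if r_proto not in ("ip", proto):
            continue
        if ip_address(dst) in r_dst and lo <= dport <= hi:
            return action
    return "deny"  # implicit deny, as at the end of many ACL implementations

# Constructed sample flows: (protocol, destination IP, destination port).
FLOWS = [
    ("tcp", "192.168.1.23", 445),   # desktop-to-desktop SMB
    ("udp", "192.168.1.255", 137),  # NetBIOS name broadcast (browsing)
    ("tcp", "192.168.1.50", 139),   # print job to the shared printer
    ("tcp", "192.168.1.23", 80),    # unrelated traffic
]

def run():
    acl = build_acl()
    return [evaluate(acl, *flow) for flow in FLOWS]

if __name__ == "__main__":
    for flow, verdict in zip(FLOWS, run()):
        print(flow, "->", verdict)
```

Rule order matters: if the deny entries are placed ahead of the printer permits, the first match for a print job is a deny and the printer becomes unreachable.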
 

wiredspider

Great example of people overvaluing certifications! I do in fact hold all certifications listed, but that doesn't make me a network guru of any sort, from real world experience it only scratched the surface of what is really implemented in business. None of the labs I took part in had me do anything like this, with the exception for creating GPOs to administer network resources... However, in that case there was a domain and computer/user accounts to work with. But, hey I don't really care, the certifications were merely my high school achievements, some additional papers to the diploma...

Randal
Thanks for the reply, pretty much what I needed. I couldn't find all the exact ports I would need to block.

If there are any other plausible solutions, please let me know. Thanks!
 

ktwebb

Actually it would be a great example of how devalued certifications have become, at least the ones you listed. That is if you had the paper.
 

wiredspider

ktwebb,
That is another way to put it, but you are the one saying I should have all this knowledge, just because I "claim" to have these certifications. Although I must say if I wanted to fake some certifications that I didn't have, I certainly wouldn't have listed ones that a high school student could get. Wouldn't it make more sense to list CCNA, CCNP, CCIE, MCSDBA, MCSD, Server+, and the list could just go on?
If I wanted to lie, why not go all out...:confused:
 

stash

I still haven't seen a valid reason for disabling this. If you are so low on bandwidth that you need to disable F&P, you have bigger problems. CIFS is pretty efficient on a LAN. On a WAN, it might be a concern, but if you have a standard 100Mbit LAN, I can't see how CIFS/SMB would have such a large impact.
 

wiredspider

STaSH,
interesting sig...
I could of course leave everything as is and save myself from having to figure out how to make this work, but it is a matter of efficiency. The normal 100 megabit LAN should be able to handle the file transfers, but it doesn't do it as effectively as some 3rd party (they make multiple connections to the source and compress the file, so downloads take shorter periods of time and that would mean that the LAN's bandwidth is free more of the time) programs would. I can't enforce everyone to install the 3rd party programs, but while they are on my network, they won't be allowed to use the built in file sharing in Windows.
Get my drift?
Anyhow, if there are 60-80 people on this network and let's just say half of them are transferring files, it would significantly impact the LAN's bandwidth. Sometimes, people will sit there and stream large movie files off another user's computer; that seems to noticeably slow things down. Not to mention, the network is only 100 megabit in theory, real speeds are usually not near that. I also need the bandwidth so my other half of users can play their multiplayer games without lagging.
 

stash

interesting sig...
Thanks.

also need the bandwidth so my other half of users can play their multiplayer games without lagging.
Aha! There it is. Running games is not typical of most LANs. So I can see why bandwidth would be a concern. OTOH, if you allow users to play games on your LAN, they're probably not going to be happy if you take away their file sharing.
 

vi edit

It sounds to me like it's time to put some "IT Use & Abuse" policies in place and let management handle it. You are band-aiding a much bigger problem.
 

skyking

What he said. On the other hand, if the workplace encourages such diversions, then I would overhaul the switching capabilities. Get some stacked switches or at the very least gigabit trunks back to a central gigabit switch, if your site won't allow a single central switch.
As others have said, shutting off filesharing sounds like a bandaid. If 40 or so players hit a pure 100 mbit system, it is gonna suck for any protocol.
 

jondercik

It wouldn't drain the bandwidth if you are using switches. It is real hard to bog down a decent switch.
 

OmegaXero

What are these 3rd party file transfer programs that you speak of? I would think the extra overhead imposed on each computer that runs this "3rd party" software would outweigh the benefits of saving incremental bandwidth on your LAN.

Also, jondercik is correct, a good switch will handle just about anything you throw at it. Are you running a pure switched environment? What kind of hardware are you using? Are all the cables in the building home runs or do you have multiple switches that are daisy chained through a single 100mbps link (versus a gigabit backbone, or some form of direct link from switch-to-switch)?