Block UNC/NETBIOS Access
I want to configure a security setting by which my machine cannot access mac01 & mac02 via UNC path. I have tried to apply these settings via Firewall, but I cannot accomplish that.
January 6th, 2011 9:51am

Probably the best way to do this is to use the "lmhosts" file to define these names as going nowhere.

On the machine you called "my machine", start up any text editor such as "Notepad".
Navigate to and open the sample file: C:\Windows\System32\Drivers\Etc\lmhosts.sam
At the end of this file, add the following lines:

    127.0.0.1 mac01 #PRE
    127.0.0.2 mac02 #PRE

Save this file as the name "lmhosts" (no extension) in the same directory as the lmhosts.sam file above. Note that Notepad will probably add ".txt" to the end of the file name. If so, you need to rename this file with Explorer to eliminate the .txt extension.

Purge and reload the name cache by bringing up a command prompt window (Start -> Run -> "cmd") and entering the command:

    nbtstat -R

(note it must be a capital 'R')

Now, your machine should not be able to access the machines 'mac01' and 'mac02' via UNC / NetBT.

HTH, JW
January 6th, 2011 3:43pm

Thanks for the reply. I will try that. How to do it via Firewall? Any idea?
January 6th, 2011 3:54pm

That depends a lot on the Firewall that you are using. Basically, you need to block UDP ports 136 and 137 and TCP ports 139 and 445 to/from the destination IP address (IP addresses of mac01 and mac02). Unfortunately, if this is a network where the server devices get their IP address via DHCP, then they could have different IP addresses each time they are powered up, making it nearly impossible to guarantee blocking them this way unless they are assigned fixed IP addresses.

On the other hand, the method I outlined should block access via device name (no matter which IP address they obtain) but will not block them if access is requested via IP address.

The more straightforward way (if you have XP Pro machines) is to disable Simple File Sharing on all your machines via policy and use regular access permissions to allow or deny access to these machines. Unfortunately, access is controlled by user name and password rather than source machine name, which is probably better because then, as administrator, you could access these machines if logged in as yourself, whereas a normal user may not have access to these shares.

"How to disable simple file sharing and how to set permissions on a shared folder in Windows XP" < http://support.microsoft.com/kb/307874 >

HTH, JW
January 7th, 2011 12:57am

I have tried the following, but it is not working, even after restarting the computer. Please check the lmhost.sam file.

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to computernames
    # (NetBIOS) names. Each entry should be kept on an individual line.
    # The IP address should be placed in the first column followed by the
    # corresponding computername. The address and the computername
    # should be separated by at least one space or tab. The "#" character
    # is generally used to denote the start of a comment (see the exceptions
    # below).
    #
    # This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
    # files and offers the following extensions:
    #
    #      #PRE
    #      #DOM:<domain>
    #      #INCLUDE <filename>
    #      #BEGIN_ALTERNATE
    #      #END_ALTERNATE
    #      \0xnn (non-printing character support)
    #
    # Following any entry in the file with the characters "#PRE" will cause
    # the entry to be preloaded into the name cache. By default, entries are
    # not preloaded, but are parsed only after dynamic name resolution fails.
    #
    # Following an entry with the "#DOM:<domain>" tag will associate the
    # entry with the domain specified by <domain>. This affects how the
    # browser and logon services behave in TCP/IP environments. To preload
    # the host name associated with #DOM entry, it is necessary to also add a
    # #PRE to the line. The <domain> is always preloaded although it will not
    # be shown when the name cache is viewed.
    #
    # Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
    # software to seek the specified <filename> and parse it as if it were
    # local. <filename> is generally a UNC-based name, allowing a
    # centralized lmhosts file to be maintained on a server.
    # It is ALWAYS necessary to provide a mapping for the IP address of the
    # server prior to the #INCLUDE. This mapping must use the #PRE directive.
    # In addtion the share "public" in the example below must be in the
    # LanManServer list of "NullSessionShares" in order for client machines to
    # be able to read the lmhosts file successfully. This key is under
    # \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
    # in the registry. Simply add "public" to the list found there.
    #
    # The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
    # statements to be grouped together. Any single successful include
    # will cause the group to succeed.
    #
    # Finally, non-printing characters can be embedded in mappings by
    # first surrounding the NetBIOS name in quotations, then using the
    # \0xnn notation to specify a hex value for a non-printing character.
    #
    # The following example illustrates all of these extensions:
    #
    # 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
    # 102.54.94.102    "appname  \0x14"                    #special app server
    # 102.54.94.123    popular            #PRE             #source server
    # 102.54.94.117    localsrv           #PRE             #needed for the include
    #
    # #BEGIN_ALTERNATE
    # #INCLUDE \\localsrv\public\lmhosts
    # #INCLUDE \\rhino\public\lmhosts
    # #END_ALTERNATE
    #
    # In the above example, the "appname" server contains a special
    # character in its name, the "popular" and "localsrv" server names are
    # preloaded, and the "rhino" server name is specified so it can be used
    # to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
    # system is unavailable.
    #
    # Note that the whole file is parsed including comments on each lookup,
    # so keeping the number of comments to a minimum will improve performance.
    # Therefore it is not advisable to simply add lmhosts file entries onto the
    # end of this file.
    127.0.0.1 srvfs01 #PRE
    127.0.0.2 srvfs02 #PRE
January 12th, 2011 4:01am
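As an added example (not code from this thread or from Microsoft), the following Python parses the LMHOSTS entry format described in the sample file above and checks the two things JW asks the poster to verify later in the thread: that the file is named exactly "lmhosts" with no extension, and that each name to be blocked has a #PRE entry pointing at a loopback address. The sample text at the bottom is constructed; it mixes a quoted name from the sample file's own example with loopback entries like the poster's.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Entry line: <ip> <name | "quoted name"> [#PRE] [#DOM:<domain>] [# comment]
_ENTRY = re.compile(r'^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+("[^"]*"|\S+)(.*)$')

@dataclass
class Entry:
    ip: str
    name: str      # NetBIOS name, upper-cased (lookups are case-insensitive)
    preload: bool  # #PRE keyword present, so nbtstat -R puts it in the cache

def parse_lmhosts(text):
    """Parse LMHOSTS text; comment and directive lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if not m:  # blank, "#..." comment, or #INCLUDE/#BEGIN_ALTERNATE directive
            continue
        ip, raw, rest = m.groups()
        # \0xnn escapes are only valid inside a quoted name; decode them
        name = re.sub(r'\\0x([0-9a-fA-F]{2})', lambda h: chr(int(h.group(1), 16)), raw.strip('"'))
        entries.append(Entry(ip, name.rstrip().upper(), "#PRE" in rest.split()))
    return entries

def check_block_entries(path, text, names):
    """Report anything that stops NetBT from resolving `names` to loopback."""
    problems = []
    fname = PureWindowsPath(path).name
    if fname.lower() != "lmhosts":
        problems.append(f"file is named {fname!r}; NetBT only reads 'lmhosts' (no extension)")
    by_name = {e.name: e for e in parse_lmhosts(text)}
    for n in names:
        e = by_name.get(n.upper())
        if e is None:
            problems.append(f"no entry for {n}")
        elif not e.preload:
            problems.append(f"{n} lacks #PRE, so nbtstat -R will not preload it")
        elif not e.ip.startswith("127."):
            problems.append(f"{n} maps to {e.ip}, not a loopback address")
    return problems

# Constructed sample text, modelled on the entries quoted in this thread.
SAMPLE = """\
102.54.94.102  "appname \\0x14"   #special app server
127.0.0.1 srvfs01 #PRE
127.0.0.2 srvfs02 #PRE
127.0.0.3 mac01
"""
```

Run check_block_entries against the real file path and the names you intend to block; an empty list means the file at least has the shape the thread's procedure needs, after which nbtstat -R and nbtstat -c confirm the cache.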

Is everybody there?
January 22nd, 2011 3:04am

Sorry, for some reason I didn't get an alert on your first response.

From your statement: "Please check the lmhost.sam file." I am assuming that what you posted is a file actually named "lmhost.sam". This is incorrect. After you modify the sample file "lmhost.sam", you must save it as simply "lmhost" without a .sam (or anything else) extension in the same directory. Note that the Notepad editor (and others) will add a .txt extension, in which case you must manually rename the file to get rid of the ".txt".

HTH, JW
January 22nd, 2011 5:07pm

It's not working. I have renamed it as "lmhost" without any extension. Check my lmhost file above. Any idea?
January 23rd, 2011 12:31pm

Sorry, a typo on my part. There should be an "s" at the end of the filename: "lmhosts".

The data you entered looks good. If it is done right, you should be able to enter the following commands in a command window:

    nbtstat -R
    nbtstat -c

(the R must be a capital R)

The result of the second command should show your computer names (srvfs01 & srvfs02) in the list. For more info, see:

"How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues" < http://support.microsoft.com/kb/314108 >

HTH, JW
January 23rd, 2011 2:23pm

See the file name & path below, but it is still not working.

    C:\Windows\System32\drivers\etc\lmhosts
January 23rd, 2011 2:36pm

Sorry. It worked for me in a test case on my computer. I have no more suggestions. Windows Networking is designed to authenticate by username rather than by device, so even this was an attempt at a work-around.

Good Luck,
JW.
January 23rd, 2011 5:18pm
