Hi, This is a cross posting from http://social.answers.microsoft.com/Forums/en-US/w7security/thread/b4519644-55d3-4c5f-8ee3-f8139adfd354 I have a domain where we have changed the clients from XP over to windows 7. This is one of multiple domains in the school, so we don't want users to be able to view the network. I have managed through a couple of registry hacks and an adm template to hide all references to the network in windows explorer, however the file open/save dialogs don't respect this setting and the entire network is browsable. I managed to control this behaviour in windows xp by using the policies "no entire network in network locations" and "no computers near me in network locations", but these policies are supported on "Windows Server 2003, Windows XP, and Windows 2000 operating systems only". Is there an equivalent setting in group policy in Server 2008 R2 that applies to Windows 7? Can anyone help with any suggestion to stop users being able to see and browse the network in this way? I have scoured the group policies but I haven't yet been able to track down a setting that will let me control this behaviour. I have disabled network discovery and I have also disabled the following computer policies: Computer Configuration -->> Administrative Templates -->> Network -->> Link-Layer Topology Discovery -->> Turn on Mapper I/O (LLTDIO) driver Computer Configuration -->> Administrative Templates -->> Network -->> Link-Layer Topology Discovery -->> Turn on Responder (RSPNDR) driver I'm now running out of ideas other than more registry hacks to disable the navigation pane in the open/save dialog, but I already know of one application we use that doesn't respect the windows way of doing things so the network will still be visible via that application if I continue with another adm template. Thanks in advance for any help.

Perhaps this will help: http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/1a914e11-ffe3-4ed2-ab7f-5d43fea9a715/ Also, search and\or post in the server forum to get the assistance you need. http://social.technet.microsoft.com/Forums/en-US/category/windowsserver

The policies that I extensively tested do not hide this functionality. The fact that two policies used to achieve this when running Windows XP and Server 2003 yet no equivalent appears to exist for Win7/server 2008 R2 is quite surprising. Locking down the network with 3rd party tools or the windows firewall is not really an answer to the problem of not being able to hide network locations in an open/save dialog. For the time being - and after a lot of time invested messing with this issue - I have put together an ADM template which does restrict this access and I have used a combination of registry fragments in a startup script to remove certain aspects of the windows explorer window and the open/save dialog.

Hi, This seems to have transpired into being the same problem I am having which I have raised in another question - http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/018f1b7d-f6c1-45fb-b352-7d0e28a21a7a/ I am using Server 2003 and you mention you have managed to get this to work with two policies? Can I ask what they are and will they work specifically with the open dialog to stop the user clicking up and being able to traverse? I am moving onto new servers soon with server 2008 and if the adm you have built does what I want it to could you copy the script onto my question? Sorry to hijack but it may be relevant? Thanks

"no entire network in network locations" and "no computers near me in network locations" These are both located in: User config -> admin templates -> windows components -> Windows Explorer You may also want to remove map network drive, remove folder options and possibly remove the hardware and security tabs depending on how locked down you want/need your environment to be. If you change to 2008 the "no entire network in network locations" and "no computers near me in network locations" policies are in: User config -> policies -> admin templates -> windows components -> Windows Explorer

Just remove the ability to browse the network with GPO... This removes this ability. -Dan

hmmmmm :s

Sorry moved to my own thread so as to not hijack any longer

Just remove the ability to browse the network with GPO... This removes this ability. -Dan This doesn't work on Windows 7 on a 2008 R2 DC - hence the messy work-around. It should work on a 2003 terminal server as I mentioned.