Re: client PCs taking over Master Browser Service


"Gerry Keen" <GerryKeen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:080328CD-A35C-4234-9C64-3F2E24E83EBA@xxxxxxxxxxxxxxxx
SBS2K3 plus 3 Win2K Servers and 45-odd client PCs/laptops all WinXPsp2.

Can anyone help lock down the Master Bowse Service on the Primary Domain
Controller (SBS 2K3). When visitors to the offices plug their laptops,
that
are not part of our domain, into the ethernet network (against my
instructions but they still do),

This is a problem, far beyond browsing. This is compromising the stability
and security of the network.

* Set up a "guest LAN" that has Internet access *only* and does *not* touch
your own network.
* Ensure that unused LAN ports in the office are not patched into the
switch.
* Talk to management and put the fear of <insert preferred deity name here>
into them with regards to viruses, trojans, and other uninvited guestson
your network.
* If you can't get people to stop doing this, your company can invest $$$ in
some fancy network equipment that won't let unauthorized machines get on the
network at all.


they take over the Master Browser Service.
This only becomes apparent when they then unplug and leave and the master
browser service is still allocated to their IP in WINS. Network browsing
then goes wacko for certain services (such as offline folder synching
etc).

I confess to be slightly unsure what Master Browser Sevice does, given
that
I thought all WinXP boxes browse using DNS,

Ixnay....network browsing is NetBIOS. You have WINS, and the SBS box should
be the master browser.
[When I set up domain workstations, I always disable the computer browser
service....but you obviously can't do that with machines you don't
control. ]

but nevertheless it does cause
problems and I do not want this (the 'hijacking') to occur.

As mentioned, this is the least of your worries! You can't do much about it
as is...and frankly, if I were you, I wouldn't want to bandaid this problem
as it's really the canary in the coal mine. If your users/management sees at
least some evidence of the underlying problem you may be able to make a
stronger argument for preventing it in the first place.


Any help, pointers, etc. gratefully recieved.

A Louisville Slugger can be useful, too. You don't need to use it. Just prop
it up next to your desk.


many thanks

Gerry

I


.

Relevant Pages

  • Re: Mshome is not accessible
    ... Browser: Unable to determine master for network \device\1: 2 ... Unable to get Master: The system cannot find the file specified. ... Master browser name is: HOM200OF002 ... Decided to uninstall Norton Internet Security 2007. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Domain Controller Not Master Browser
    ... > election, but I do not have the resource kit to load to force an election. ... A DC can't be a master browser. ... some items are not able to browse the network - a Canon ...
    (microsoft.public.win2000.general)
  • Re: Network works only one direction
    ... TIT has all the settings as the master browser enabled. ... >>Status for domain HOME on transport \Device\NwlnkNb ... >>message with the addition that the network address isn't correct. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Browser 8032 Event ID
    ... The Master Browser role should *solely* belong to the PDC. ... Unfortunately due to the limitations of instruments I have on my network, I have to support several older computers and old operating systems. ... backup servers retrieved from master PETRA ...
    (microsoft.public.win2000.general)
  • Re: File Sharing works one way
    ... When I go to Network Properties on my LAN connection. ... Master browser name is: ZACH_COMPUTER ... There are 1 servers in domain CARADONNA on transport ...
    (microsoft.public.windowsxp.network_web)