How can I prevent PC from seeing/connecting to other PCs on the LAN?

roman29

New member
Local time
9:07 PM
Messages
1
Hey there,

I have a Windows 7 workstation that people connect to remotely via LogMeIn.

I recently decided to move it to my home LAN, because it has faster Internet than work LAN. My home LAN has many personal computers on it, with file and printer sharing enabled. Most of these shares are not password protected for convenience.

So the problem is that this workstation is able to see and connect to personal computers. I do not want this. I've temporarily password protected as many shares as I could, but it's not a permanent solution because it's a big family, and there are many computers, and I probably missed some. Unfortunately I can't use that Windows 7 homegroup sharing feature because more than half of the computers are Linux or Macs or Windows XP.

I've researched the ports used by Windows File sharing, and made an Access Control policy in my router to block IP and Port ranges specifically for this workstation, to try and prevent it from discovering my other computers, but it did not help. I suspect this network access policy only applies to IPs and Port ranges on the Internet, not on the LAN. (btw router is D-Link DGL-4300)

I'm looking for some solution either by tweaking settings in the workstation to make it blind, or making some changes with the networking gear. Or maybe there is another way of accomplishing this.

Most literature on the internet is focused on making file sharing work, but mine is working perfectly out of the box, I'm trying to brake it.

Thank you.
 

My Computer My Computer

At a glance

Windows 7 64b
OS
Windows 7 64b
Roman29, you are right about the fact that those policies on your router only affect connections from the Internet. I have never seen a SOHO router that can do those types of policies for the LAN.

I just realized you want the opposite of what I originally had interpreted your post to be. You are concerned that your Windows 7 workstation can see other workstations on your network. I am not an expert on this specific situation, but take a look at the Advanced Settings in the Windows Firewall. Specifically, look at Outbound Rules. I would consider disabling File and Print Sharing, and also the Network Discovery rules.
 
Last edited:

My Computer My Computer

At a glance

Windows 7 Pro 64bitIntel i5 750 - OCed @ 3.57GHz8GB DDR3GTX260
Computer Manufacturer/Model Number
ME!
OS
Windows 7 Pro 64bit
CPU
Intel i5 750 - OCed @ 3.57GHz
Motherboard
Gigabyte P55A-UD3
Memory
8GB DDR3
Graphics Card(s)
GTX260
Sound Card
onboard sound
Monitor(s) Displays
Dual 22" LCD
Screen Resolution
1680x1050 x 2
Hard Drives
removable - 2x Samsung F1 1TB; WD Caviar Black 1TB
PSU
I forgot - 750W Antec
Case
Antec P18something
Cooling
I blow on the CPU from time to time
Mouse
Logitech MX laser
Internet Speed
7Mb
Why not just enable password protected sharing on all computers? Just go to each computer, enable password protected sharing, and create identical users/passwords on that computer (make a list of all users/passwords, then make sure each computer has that list on it). No one will be asked to provide a password, because if you did everything correctly that user/password exists on the target computer. However, if you keep your one computer user off the list, that user won't have access to any of the other computer files.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64 SP1Core i7-2670QM8GB DDR3 PC3-10600Intel HD Graphics 3000 + GeForce GT 540M
Computer Manufacturer/Model Number
Dell XPS 15 L502x
OS
Windows 7 Ultimate x64 SP1
CPU
Core i7-2670QM
Memory
8GB DDR3 PC3-10600
Graphics Card(s)
Intel HD Graphics 3000 + GeForce GT 540M
Screen Resolution
1920x1080
Hard Drives
1TB 5400RPM Seagate
That will not only be less convenient because of having to do it on all the other workstations, but then, roman29 will always have to keep up with the workstations, making sure changes aren't made that affect the security, such as replacing a workstation or adding a workstation. Don't you think it would be safer and more convenient to do it at the source?

Roman29, somthing that just popped into my head: There is another issues to consider: You probably want to block the users RDPed into your machine from accessing the GUI on your router, too? They could completely open up the firewall to that PC allowing other types of connections. They could see what clients are connected to your router, and forward ports to those workstations, and then access them. Something to think about.....
 

My Computer My Computer

At a glance

Windows 7 Pro 64bitIntel i5 750 - OCed @ 3.57GHz8GB DDR3GTX260
Computer Manufacturer/Model Number
ME!
OS
Windows 7 Pro 64bit
CPU
Intel i5 750 - OCed @ 3.57GHz
Motherboard
Gigabyte P55A-UD3
Memory
8GB DDR3
Graphics Card(s)
GTX260
Sound Card
onboard sound
Monitor(s) Displays
Dual 22" LCD
Screen Resolution
1680x1050 x 2
Hard Drives
removable - 2x Samsung F1 1TB; WD Caviar Black 1TB
PSU
I forgot - 750W Antec
Case
Antec P18something
Cooling
I blow on the CPU from time to time
Mouse
Logitech MX laser
Internet Speed
7Mb
Back
Top