Full Version: Help.. Two separate groups on one network
Beameup
Hello,

This is my first discussion post on this website. I did a Google search for this answer and I found this site instead. I have experience as a computer tech/webmaster (with moderate small home/office networking skills). I work for OMSCopiers.com (mainly as the website administrator) and I recently have been assigned to research this issue for a client.

Our client has an existing network (Windows based). They share the network with another group (Engineering) within the company. Currently, the network does not restrict one group (Engineering) from seeing the other (Accounting). They were under the impression this issue was previously fixed by their ex-network guys. I would assume changing the subnet mask of one group would do the trick, but....

The accounting department wants to continue seeing the engineering department, and block the engineering department from seeing the accounting department... How do I go about doing this?

We received the OK to research this situation; however, at this point, I am not certain if their Windows 2003 Server or Router is running DHCP. I will find out soon, but for now, I am assuming the server is handling DHCP.

Thanks in advance,

Aaron
cluberti
Describe "see" in this sense. If you want network separation/control over different machines on the same network segment, you'll need to do a VLAN on the switch, or perhaps use a firewall if you need finer control.

If by "see" you mean browse, if they're on the same subnet it's not possible without some network controls in place.
eyeball
You could stick a firewall in between the 2 and block ports 137-139 and 445 one way only. That would allow shares to be enumerated only one way :)

This is gonna get messy though, do they have only one server?
Beameup
Thank you for your fast responses. I should have given more detail when composing the message.. sorry.

Both groups can browse computer and printer shares. We (OMS) originally went in the office to repair/configure network printers. While configuring the PCs and server for network printing, we were able to see the printers from the other network (BTW: we also had admin permissions to alter the printer configurations).

Fortunately, there are two servers; one for accounting, and one for engineering.

I will look more into this firewall idea... I usually use firewalls to open certain ports for external access (such as Remote Desktop, FTP, WWW, and security surveillance ports), but never placed a firewall for inner-office use (never had to). Which firewall (preferably inexpensive) would you recommend for such a task?

I will also look into this 'VLAN'.

Thanks,

Aaron
eyeball
Well it sounds to me like blocking ports 67 and 68 would stop DHCP passing through the FW and stopping 137-139 + 445 only one way would stop shares being browsed.

But is this good enough? That's just an idea off the top of my head :)
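
Added example, not part of the original thread: the one-way block of ports 137-139 and 445 suggested above, written as a stateful nftables forward ruleset. It assumes the two departments sit on separate subnets routed through a Linux firewall; the subnet values and the table name are constructed for illustration.

```nftables
#!/usr/sbin/nft -f
# Assumption (not from the thread): accounting and engineering are on
# separate subnets and all traffic between them is routed through this box.
define ACCT = 192.168.10.0/24   # accounting subnet (constructed value)
define ENG  = 192.168.20.0/24   # engineering subnet (constructed value)

table inet dept_isolation {
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Connection tracking is what makes the block "one way":
        # replies to sessions that accounting opened are let back in
        # before the drop rules below are evaluated.
        ct state established,related accept

        # Anything that does not parse as a valid tracked flow is dropped.
        ct state invalid drop

        # New NetBIOS / SMB traffic from engineering toward accounting:
        #   UDP 137 name service, UDP 138 datagram service,
        #   TCP 139 session service, TCP 445 SMB over TCP.
        # The full 137-139 range is matched on both protocols to mirror
        # the port list given in the thread.
        ip saddr $ENG ip daddr $ACCT udp dport { 137-139, 445 } counter drop
        ip saddr $ENG ip daddr $ACCT tcp dport { 137-139, 445 } counter drop

        # Accounting -> engineering is not matched above, so it falls
        # through to the accept policy and share browsing still works
        # in that direction.
    }
}
```

Without the `ct state established,related` rule a plain port block would also cut the return traffic for sessions accounting starts, so the filter must be stateful. The `counter` keyword lets `nft list ruleset` show how many engineering-side attempts were dropped.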