We are trying to tighten down security. I'm curious how others are handling this. We have users who have local desktop access and authority to map drives. Since they belong to the lawson group, and that group has to have ability to log on locally to the server, how do you keep someone (non lawson admin - but admin skills) from mapping a drive to the lawson folders and navigating through the files? We don't want to have to manage a whole seperate set of logins just for lawson that are different than the network account, so that is NOT an option.

I'm thinking I'm staring right past the obvious on this one....

I presume you a windows client. Users can only map drives to shares they can access. What shares have been created and have your users been granted access to them?

Unless they absolutely need it, take away their local desktop authority... switch them to use the Portal interface instead, then they don't need to be able to sign in to the system.

We are a Unix shop, though and not Windows... The only people that have LID even installed are the Unix Admins, the rest of the users we set up with a default shell of /usr/bin/false