I have not seen explorer be able to prevent a user from using the address bar to attempt changing where they are connected against and apologize for that; the only behavior I have seen is the same as the SA: the user can type whatever they want in the address bar; the ACLon the server then determines if access should be allowed or not.
back to the windows analogy, you can access locations that are not shared by using the hidden link on the <x> drive (e.g. C$, D$, Z$). if the user knows the full internal path, thety can type it in the address bar in explorer and connect. the server ACLs will then allow or deny access.
I did not state that explorer on the client can control what you type in the address bar. I stated that the server that you want to access does.
For the Windows analogy: you can only access those (default) administrative shares if you are an administrator. These are not accessible for a common user.
But I'll leave it at that now. It seems I'm the only one who thinks that fiddling with an obfuscated link should be allowed by an SA.
Contacting my account team to solve this and make an option out of it that seems to be considered as usefull by members here is not going to happen.
i apologize for misunderstanding. the SA controls what you access as well. i think what you are proposing, restricting access if a user modifies the obfuscated URL is a great idea. i can only speak for myself, but i didn't read any of the posts as sating that users can change the URL is good, only that the system currently allows it and the ACL has the final say in access.