Re: Restrict access to Share to combination of User + Computer
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Wed, 9 Apr 2008 05:35:15 -0700
"Hans Hinnekint" <hans.hinnekint@xxxxxxxxx> wrote in message
news:0DB1E758-62ED-4163-8F91-F191EE609C4D@xxxxxxxxxxxxxxxx
Hello,
I would like to restrict the access to some shares to a combination of
User + Computer, so that this share can only be accessed when the user
logs in on a specific set of computers.
I have static VLANs in place.
What is the best way to handle this?
- EFS
- IPSEC server/computer isolation
- NAP
Any help would be appreciated,
Hans Hinnekint
Hi Hans,
There is no direct way to meet those requirements.
If however you can say that all resources on the sharing machine
should only be accessed from a specific set of machines, then one
can use IPsec to enforce the access only "from these computers"
part and use NTFS/share-level permissions to enforce the access
only "by these users" part. Also, if you want to it is possible to
loosen the "all resources on the sharing machine" by having the
IPsec rules govern only the ports needed for filesharing, leaving
other accesses open to more machines.
I have seen a number of people attempt to meet reqs of your
scenario and the above is about as close as you can get with
the current off-the-shelf Windows.
Roger
.
- Follow-Ups:
- Re: Restrict access to Share to combination of User + Computer
- From: Hans Hinnekint
- Re: Restrict access to Share to combination of User + Computer
- References:
- Restrict access to Share to combination of User + Computer
- From: Hans Hinnekint
- Restrict access to Share to combination of User + Computer
- Prev by Date: Re: Renaming or deleting the systems (owner) folder.
- Next by Date: Re: domain security policy
- Previous by thread: Restrict access to Share to combination of User + Computer
- Next by thread: Re: Restrict access to Share to combination of User + Computer
- Index(es):
Relevant Pages
|
