Re: prevent access to shared folder when not on a domain computer

From: koolkat (koolkat_at_discussions.microsoft.com)
Date: 07/12/05


Date: Tue, 12 Jul 2005 00:48:02 -0700

Thanks Steven,

Unfortunately the shared folders reside on a Win 2003 Server that also acts
as the backup domain controller, so from what you mentioned below I won't be
able to use ipsec on my server. Isn't there any other method of preventing
non-domain computers accessing shared folders?

Regards,
----------------------

"Steven L Umbach" wrote:

> One solution would be to use ipsec with an ipsec server require policy on
> the server which by default will then allow only domain computers with a
> compatible ipsec policy to access the server. By default ipsec in a forest
> will use kerberos for "computer" authentication before a security
> association will allow communications. Note this will not work if the server
> is a domain controller as you must configure ipsec policies to exempt domain
> controllers from ipsec ESP/AH with other domain computers for at least
> authentication and AD traffic. Ipsec policies must be carefully planned and
> tested first so as to not lock out domain computers from legitimate traffic.
> See the links below if interested. --- Steve
>
> http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx
> --- using ipsec for domain isolation
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q254949
>
>
> "koolkat" <koolkat@discussions.microsoft.com> wrote in message
> news:C1665EBF-8458-48E4-802A-61ED1D5A70D2@microsoft.com...
> > Hi,
> >
> > Is there a way of preventing shared folder access from a non-domain member
> > computer?
> >
> > Currently if a user brings his personal laptop to the office and gives the
> > pathname to his shared folder in Windows explorer he is asked for the
> > username and password. Since the same user has an account on the domain he
> > can then access the shared folder on his personal laptop. Is there a way of
> > preventing this?
>
>
>


