Re: How to configure Domain access permissions for a user that would vary based on the computer they log into?



Thanks Steve, that is really a fine idea and I appreciate the time.

I may end up having to go this route but the way it is set up now, it seems
to kill off the XP ws access to sysvol. I don't see being able to use this
technique without adding servers to isolate the share functionality to a
pair of member servers.

This gives me a different direction to think about as I was focusing on GPOs
and Permissions to target/limit the specific shares. Anyone else have any
ideas?

Thanks again.


"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:Oo2oSGWlGHA.1640@xxxxxxxxxxxxxxxxxxxxxxx
You would have to configure access at the computer level and that could be
done in a couple of ways. If you could enable the Windows Firewall on the
servers with the shares you could specify the exception for file and print
sharing and then the IP addresses that are allowed access to file and
print sharing. For that to work well you would want to make sure that the
users are not local administrators on their computers and that the IPs in
the allowed list are static IPs. The other way would be to use ipsec to
have an ipsec require policy on the servers with the shares for at least
the ports used for file and print sharing and then making sure only the
computers you want to have access have a compatible ipsec policy and that
the XP Pro computers do not. Ipsec is a somewhat complex topic that
requires a lot of planning, testing, and special considerations for domain
controllers. See the links below if interested. --- Steve

http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx
http://support.microsoft.com/?kbid=254949 --- very important
considerations for implementing ipsec in a domain

"MrMiLo@nospam" <mcahoon@xxxxxxx> wrote in message
news:%23YeVJxUlGHA.5108@xxxxxxxxxxxxxxxxxxxxxxx
How to configure Domain access permissions for a user that would vary
based on the computer they log into?

I have a server farm consisting of all windows 2003 servers with R2

All my workstations are Windows XP professional with SP2



What I would like is to be able to limit my users' access to domain shares
(specifically DFS shares) so that these shares are only accessible while
they are logged into and using one of the Terminal Servers.

I do not want these shares accessible from the XP Pro workstations.



I would like to keep the XP Pro workstations on the domain so I can
implement some GPOs.

I really do not want to limit the XP systems networking (so users can
still do in-office printer sharing, etc) with Group Policies and I would
prefer to have the user use their same login and password for both the XP
and Terminal Server logins.



Does anyone know of any way to achieve this?


Thanks
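
The Windows Firewall approach from Steve's reply, sketched as an added example that is not part of the original thread: it scopes the File and Printer Sharing exception on a member file server to the Terminal Servers only. The addresses in `TS_IPS` are constructed placeholders for the Terminal Servers' static IPs.

```bat
@echo off
rem Added example, not from the thread. Run on each member server that hosts
rem the shares (Windows Server 2003 SP1/R2 with Windows Firewall available).
rem TS_IPS is a constructed placeholder list; replace with the static IPs
rem of the Terminal Servers that should reach the shares.
set TS_IPS=192.0.2.11,192.0.2.12

rem Record the current firewall state and exceptions before changing anything.
netsh firewall show state
netsh firewall show service

rem Keep Remote Desktop reachable so that enabling the firewall does not
rem cut off remote administration of this server.
netsh firewall set service type=remotedesktop mode=enable profile=all

rem Allow file and print sharing (TCP 139/445, UDP 137/138) only from the
rem listed addresses; every other source, including the XP workstations,
rem is dropped by the firewall before share permissions are evaluated.
netsh firewall set service type=fileandprint mode=enable scope=custom addresses=%TS_IPS% profile=all

rem Turn the firewall on with exceptions allowed.
netsh firewall set opmode mode=enable exceptions=enable profile=all

rem Confirm the resulting configuration, including the custom scope.
netsh firewall show config
```

SYSVOL is served over the same SMB ports, so applying this scope on a domain controller also stops the excluded workstations from reading Group Policy, which is why the shares need to live on member servers for this to work.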





