|
Posted by Roger Abell [MVP] on November 27, 2007, 10:15 pm
If you were Registered and logged in, you could reply and use other advanced thread options
With what is included in Windows you need to decompose your
problem. It is not "how to prevent authorized user on unauthorized
machine" but "how to prevent any account on unauthorized machine".
That is, you can use such as IPsec to control what machines can
access the machine with the shares, which combined with NTFS
and share level permissions for user access control does allow
you to make sure that only allowed account may access the shares
from that machine when they are on allowed machines.
However, you probably need to take a step back and ask what
it is that you actually achieve. If they can bring a machine in
and out, then they easily can copy onto a usb device or use an
authorized machine to map a share from their unauthorized
machine and then copy to it via their login at an authorized
machine.
Roger
>I want to prevent a user from accessing the fileshare if they come from an
> unauthorized machine.
> As of now, if Joe User brings in his personal laptop and plugs it into the
> network, and tries to access a Windows 2003 file share, it prompts them
> for
> username/password. If they enter their AD uname/pw, they can gain access.
>
> How can I prevent authorized users on unauthorized machines from gaining
> access to W2K3 file shares?
| 
XML site map