Solved

how to make a folder accessed only by computers joining my domains????

Posted on 2008-10-14
9
207 Views
Last Modified: 2012-05-05
Hello

i have a domain called rekabaint.com. i have one domain controller for it.
all of my environment is windows server 2008.
i have one folder on this domain controller and i want this folder to be accessed only by users logging from other computers but if their computers are members of my domains.
how can i do that?

i shared this folder and give full permissions to every one. in the security tab of this folder, i gave permission to domain users only. the problem is when some one logged to his computer using a local account. and click start -> run and write \\ipaddress, a screen appears asking him to enter his user name and password. if he does so, he will be able to access my folder. i do not want that. i want to enforce access to this folder to computers who join the domain and enter with a domain account. how can i do that??

regards
0
Comment
Question by:aft
  • 4
  • 3
9 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 22710971
Grand rights to "Authenticated Users" and remove "Everyone"
0
 

Author Comment

by:aft
ID: 22711107
i think u did not read my question carefully. plz read it again

in the security tab, i gave access to domain users only
0
 
LVL 26

Expert Comment

by:Pber
ID: 22711595
I would also adjust the share permissions not to have Everyone, but Authenticated users as Pete mentioned.  I also personally don't give authenticated users anything higher than modify at the share.  This safeguards too much access, but that works for our environment.
So when the user is logging on locally and trying to access a domain share, he/she is then prompted for a username/password and then granted access?  This is normal and by design.
As long as the user can provide sufficient credentials to access the network resource, they should get in.  This can be either a local username/password on the target machine, a domain username/password or a even passthrough authentication via a local username/password that matches a domain password.
What username and password is the user using when prompted?  The local one or is it the domain one?  It is is the domain one, this is exactly how it is supposed to work.  If it is the local one, than either everyone access might be coming into play or the user is using passthrough because they have a matching domain username/password.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:aft
ID: 22712032
>>What username and password is the user using when prompted?
the domain one. but there is no way to make this folder shared only to users enter from computers that are member of domain but not member in a workgroup?????
0
 
LVL 26

Accepted Solution

by:
Pber earned 125 total points
ID: 22712805
Not really.  If the prompt is presented and you provide acceptable credentials, you're in.   By supplying the domain credentials, it's authenticating the user on the domain.
You could try playing with ipsec, read these articles to see if it may help:
http://technet.microsoft.com/en-us/library/cc782433.aspx 
http://windowsitpro.com/article/articleid/96927/use-ipsec-to-isolate-a-domain.html 
0
 

Author Comment

by:aft
ID: 22718455
so how can i enforce people to make their computers members of the domain. they must do that because i am installing some software (using group policy) that is needed for them to open the files in the shared directory ????????????????????
0
 
LVL 26

Expert Comment

by:Pber
ID: 22723291
That's where company policy comes into play.  All machines must be on the domain.
If possible, users should never be given admin rights on their machines.  Thus only Admins can add the machine to the domain.  This would prevent them from removing computers from the domain.   All new computers given to users would already be on the domain.
 
 
0
 

Author Comment

by:aft
ID: 22747275
but they can install a new copy of the windows and use it to login locally to their machine
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question