Solved

How to make a folder accessed only by computers joining my domains?

Posted on 2008-10-14
Last Modified: 2012-05-05
Hello

I have a domain called rekabaint.com. I have one domain controller for it.
All of my environment is Windows Server 2008.
I have one folder on this domain controller and I want this folder to be accessed only by users logging on from other computers, but only if their computers are members of my domains.
How can I do that?

I shared this folder and gave full permissions to everyone. In the Security tab of this folder, I gave permission to domain users only. The problem is when someone logs on to his computer using a local account, clicks Start -> Run and types \\ipaddress: a screen appears asking him to enter his user name and password. If he does so, he will be able to access my folder. I do not want that. I want to restrict access to this folder to computers that join the domain and enter with a domain account. How can I do that?

Regards
Question by:aft
 
LVL 57

Expert Comment

by:Pete Long
ID: 22710971
Grant rights to "Authenticated Users" and remove "Everyone".
0
 

Author Comment

by:aft
ID: 22711107
I think you did not read my question carefully. Please read it again.

In the Security tab, I gave access to domain users only.
0
 
LVL 26

Expert Comment

by:Pber
ID: 22711595
I would also adjust the share permissions not to have Everyone, but Authenticated Users as Pete mentioned. I also personally don't give Authenticated Users anything higher than Modify at the share. This safeguards against too much access, but that works for our environment.
So when the user is logging on locally and trying to access a domain share, he/she is then prompted for a username/password and then granted access? This is normal and by design.
As long as the user can provide sufficient credentials to access the network resource, they should get in. This can be either a local username/password on the target machine, a domain username/password or even passthrough authentication via a local username/password that matches a domain password.
What username and password is the user using when prompted? The local one or the domain one? If it is the domain one, this is exactly how it is supposed to work. If it is the local one, then either Everyone access might be coming into play or the user is using passthrough because they have a matching domain username/password.
0
 

Author Comment

by:aft
ID: 22712032
>>What username and password is the user using when prompted?
The domain one. But is there no way to make this folder shared only to users who enter from computers that are members of the domain but not members of a workgroup?
0
 
LVL 26

Accepted Solution

by:
Pber earned 125 total points
ID: 22712805
Not really. If the prompt is presented and you provide acceptable credentials, you're in. By supplying the domain credentials, it's authenticating the user on the domain.
You could try playing with IPsec; read these articles to see if it may help:
http://technet.microsoft.com/en-us/library/cc782433.aspx
http://windowsitpro.com/article/articleid/96927/use-ipsec-to-isolate-a-domain.html
0
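Added example, not part of Pber's answer or the linked articles: a sketch of the IPsec approach the answer points to, using `netsh advfirewall` on Windows Server 2008. It assumes the share is hosted on a domain-member file server rather than on the domain controller, and the rule names are made up for illustration.

```bat
rem Added sketch (not from the thread). Assumes the share sits on a
rem domain-member file server, not on the domain controller.
rem Run from an elevated command prompt. Rule names are hypothetical.

rem --- On domain-joined clients (normally deployed via Group Policy) ---
rem Request IPsec using the computer's Kerberos identity; fall back to
rem clear text when the peer does not negotiate.
netsh advfirewall consec add rule name="Request computer auth" endpoint1=any endpoint2=any action=requestinrequestout auth1=computerkerb

rem --- On the file server ---
rem 1. Same request-mode rule, so the server can negotiate IPsec.
netsh advfirewall consec add rule name="Request computer auth" endpoint1=any endpoint2=any action=requestinrequestout auth1=computerkerb

rem 2. Disable the built-in SMB allow rules; a plain allow rule would
rem    still admit computers that never authenticated.
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=no

rem 3. Allow inbound SMB only on connections authenticated by IPsec.
netsh advfirewall firewall add rule name="SMB-In (authenticated computers)" dir=in action=allow protocol=TCP localport=445 security=authenticate

rem --- Verify ---
rem List the connection security rules in effect.
netsh advfirewall consec show rule name=all
rem Show main-mode and quick-mode security associations after a
rem domain-joined client has opened the share.
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```

A workgroup computer, or a fresh Windows install that was never joined, has no computer account in the domain and cannot complete the Kerberos computer authentication, so the SMB connection is blocked before any user name and password prompt. Share and NTFS permissions still decide which users get in.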
 

Author Comment

by:aft
ID: 22718455
So how can I force people to make their computers members of the domain? They must do that because I am installing some software (using Group Policy) that is needed for them to open the files in the shared directory.
0
 
LVL 26

Expert Comment

by:Pber
ID: 22723291
That's where company policy comes into play.  All machines must be on the domain.
If possible, users should never be given admin rights on their machines.  Thus only Admins can add the machine to the domain.  This would prevent them from removing computers from the domain.   All new computers given to users would already be on the domain.
 
 
0
 

Author Comment

by:aft
ID: 22747275
But they can install a new copy of Windows and use it to log in locally to their machine.
0

Question has a verified solution.