  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 218

How to make a folder accessed only by computers joined to my domain?

Hello

I have a domain called rekabaint.com. I have one domain controller for it.
All of my environment is Windows Server 2008.
I have one folder on this domain controller and I want this folder to be accessed only by users logging in from other computers, but only if their computers are members of my domain.
How can I do that?

I shared this folder and gave full permissions to Everyone. In the Security tab of this folder, I gave permission to Domain Users only. The problem is when someone logs on to his computer using a local account, clicks Start -> Run and types \\ipaddress, a screen appears asking him to enter his user name and password. If he does so, he will be able to access my folder. I do not want that. I want to limit access to this folder to computers that join the domain and log in with a domain account. How can I do that?

Regards
Asked: aft
1 Solution
 
Pete Long, Technical Consultant, Commented:
Grant rights to "Authenticated Users" and remove "Everyone"
 
aft (Author) Commented:
I think you did not read my question carefully. Please read it again.

In the Security tab, I gave access to Domain Users only.
 
Pber, Solutions Architect, Commented:
I would also adjust the share permissions not to have Everyone, but Authenticated Users as Pete mentioned.  I also personally don't give Authenticated Users anything higher than Modify at the share.  This safeguards too much access, but that works for our environment.
So when the user is logging on locally and trying to access a domain share, he/she is then prompted for a username/password and then granted access?  This is normal and by design.
As long as the user can provide sufficient credentials to access the network resource, they should get in.  This can be either a local username/password on the target machine, a domain username/password or even a passthrough authentication via a local username/password that matches a domain password.
What username and password is the user using when prompted?  The local one or is it the domain one?  If it is the domain one, this is exactly how it is supposed to work.  If it is the local one, then either Everyone access might be coming into play or the user is using passthrough because they have a matching domain username/password.
aft (Author) Commented:
>>What username and password is the user using when prompted?
The domain one. But there is no way to make this folder shared only to users who enter from computers that are members of the domain but not members of a workgroup?
 
Pber, Solutions Architect, Commented:
Not really.  If the prompt is presented and you provide acceptable credentials, you're in.   By supplying the domain credentials, it's authenticating the user on the domain.
You could try playing with IPsec; read these articles to see if it may help:
http://technet.microsoft.com/en-us/library/cc782433.aspx 
http://windowsitpro.com/article/articleid/96927/use-ipsec-to-isolate-a-domain.html 
 
aft (Author) Commented:
So how can I force people to make their computers members of the domain? They must do that because I am installing some software (using Group Policy) that is needed for them to open the files in the shared directory.
 
Pber, Solutions Architect, Commented:
That's where company policy comes into play.  All machines must be on the domain.
If possible, users should never be given admin rights on their machines.  Thus only Admins can add the machine to the domain.  This would prevent them from removing computers from the domain.   All new computers given to users would already be on the domain.
 
aft (Author) Commented:
But they can install a new copy of Windows and use it to log in locally to their machine.