Solved

How to make a folder accessed only by computers joined to my domains?

Posted on 2008-10-14
Last Modified: 2012-05-05
Hello

I have a domain called rekabaint.com. I have one domain controller for it.
All of my environment is Windows Server 2008.
I have one folder on this domain controller, and I want this folder to be accessed only by users logging in from other computers, and only if their computers are members of my domains.
How can I do that?

I shared this folder and gave full permissions to Everyone. In the Security tab of this folder, I gave permission to Domain Users only. The problem is when someone logs on to his computer using a local account, clicks Start -> Run and types \\ipaddress: a screen appears asking him to enter his user name and password. If he does so, he will be able to access my folder. I do not want that. I want to enforce that this folder is accessed only from computers that have joined the domain and are logged on with a domain account. How can I do that?

Regards
Question by:aft
9 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 22710971
Grant rights to "Authenticated Users" and remove "Everyone".
0
 

Author Comment

by:aft
ID: 22711107
I think you did not read my question carefully. Please read it again.

In the Security tab, I gave access to Domain Users only.
0
 
LVL 26

Expert Comment

by:Pber
ID: 22711595
I would also adjust the share permissions not to have Everyone, but Authenticated Users as Pete mentioned. I also personally don't give Authenticated Users anything higher than Modify at the share. This safeguards against too much access, but that works for our environment.

So when the user is logging on locally and trying to access a domain share, he/she is then prompted for a username/password and then granted access? This is normal and by design.

As long as the user can provide sufficient credentials to access the network resource, they should get in. This can be either a local username/password on the target machine, a domain username/password or even passthrough authentication via a local username/password that matches a domain password.

What username and password is the user using when prompted? The local one or is it the domain one? If it is the domain one, this is exactly how it is supposed to work. If it is the local one, then either Everyone access might be coming into play or the user is using passthrough because they have a matching domain username/password.
0
 

Author Comment

by:aft
ID: 22712032
>> What username and password is the user using when prompted?

The domain one. But is there no way to make this folder shared only to users coming from computers that are members of the domain, and not members of a workgroup?
0
 
LVL 26

Accepted Solution

by:
Pber earned 125 total points
ID: 22712805
Not really. If the prompt is presented and you provide acceptable credentials, you're in. By supplying the domain credentials, it's authenticating the user on the domain.
You could try playing with IPsec; read these articles to see if it may help:
http://technet.microsoft.com/en-us/library/cc782433.aspx
http://windowsitpro.com/article/articleid/96927/use-ipsec-to-isolate-a-domain.html
0
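
The IPsec approach suggested in the accepted answer, sketched as an added example (not from the thread or the linked articles): share and NTFS permissions only authenticate the user, while a connection security rule with computer Kerberos authenticates the machine, which a workgroup PC has no account for. The rule names and the address 192.0.2.10 are placeholders; the commands use the built-in `netsh advfirewall` context of Windows Server 2008 and are run from an elevated prompt.

```powershell
# Added example. Placeholders: 192.0.2.10 stands for the server hosting the share,
# and both rule names are made up for this sketch.

# --- On the file server -------------------------------------------------------
# Require IPsec for inbound SMB (TCP 445), authenticated with the COMPUTER's
# Kerberos identity. A machine that is not joined to the domain has no computer
# account, so it cannot complete this negotiation, even if the person at the
# keyboard types valid domain user credentials at the \\ipaddress prompt.
netsh advfirewall consec add rule name=SMB-Require-DomainComputer `
    endpoint1=192.0.2.10 port1=445 `
    endpoint2=any port2=any protocol=tcp `
    action=requireinrequestout auth1=computerkerb

# --- On domain-joined clients (normally deployed through Group Policy) --------
# Clients need a matching rule so they offer IPsec when they open the share.
# "Request" mode keeps their other traffic working without IPsec.
netsh advfirewall consec add rule name=SMB-Request-To-FileServer `
    endpoint1=any port1=any `
    endpoint2=192.0.2.10 port2=445 protocol=tcp `
    action=requestinrequestout auth1=computerkerb

# --- Checks -------------------------------------------------------------------
# Confirm the rule is present and enabled on the server.
netsh advfirewall consec show rule name=SMB-Require-DomainComputer

# After a domain member opens the share, a main-mode security association with
# Kerberos computer authentication should be listed here. A workgroup machine
# produces no association and its connection to port 445 fails.
netsh advfirewall monitor show mmsa

# Rollback if legitimate clients are locked out.
# netsh advfirewall consec delete rule name=SMB-Require-DomainComputer

# Caveat: in the thread the folder sits on the domain controller. A rule on
# TCP 445 there also covers SYSVOL and NETLOGON, so test on a member server
# first, or move the share off the DC before requiring IPsec.
```

The share and NTFS permissions discussed earlier in the thread stay in place: IPsec decides which computers may reach port 445, and the ACLs still decide which users may open the files.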
 

Author Comment

by:aft
ID: 22718455
So how can I force people to make their computers members of the domain? They must do that because I am installing some software (using Group Policy) that is needed for them to open the files in the shared directory.
0
 
LVL 26

Expert Comment

by:Pber
ID: 22723291
That's where company policy comes into play.  All machines must be on the domain.
If possible, users should never be given admin rights on their machines.  Thus only Admins can add the machine to the domain.  This would prevent them from removing computers from the domain.   All new computers given to users would already be on the domain.
 
 
0
 

Author Comment

by:aft
ID: 22747275
But they can install a new copy of Windows and use it to log in locally to their machine.
0
