palexperts
asked on
Server 2008 share folders connection
Hi All
I installed windows 2008 server. I have some shared folders. Now any domain user using a computer that is joined to the domain can see these shared file which is fine for me. What I need to know is that :
How to prevent users from access the shared folders unless the are using a PC that is joined to the domain
To Explain: amy PC connected to the network can see by default the shared folder on the server if he know the IP server or the name of the IP. Now, I need to disable this user to access the shared folders unless this PC is joined to the domain
Hope this explain my case
Waiting your help
I installed windows 2008 server. I have some shared folders. Now any domain user using a computer that is joined to the domain can see these shared file which is fine for me. What I need to know is that :
How to prevent users from access the shared folders unless the are using a PC that is joined to the domain
To Explain: amy PC connected to the network can see by default the shared folder on the server if he know the IP server or the name of the IP. Now, I need to disable this user to access the shared folders unless this PC is joined to the domain
Hope this explain my case
Waiting your help
Brian B
In the properties of that folder on the server, change the security to allow only the users or AD groups that you want to have access.
If a user has access to the folder then they will have access to the folder on the domain or off the domain by typing their username and password into the authentication box. Really there is no way to block this.
ASKER
any idaes???????
I'm not sure what you are asking. Did my answer not address you question?
No, ideas because if a user or group has access to the folder or file it doesn't matter if the user is on a domain or not.
Rereading what you posted, maybe this will help... You want to only allow access to the folder if the *computer* is on the domain, not the *user* right? You would restrict access on the folder to the group domain users. Although this won't help if the computer is a domain member, but the user is logged on with local credentials, it will work is the user is logged on to the domain. Since they can't be logged on to the domain if the computer is not a domain member.
The only flaw is if the user knows the name of the share, they can still try and access it and may be prompted for their domain credentials even if the computer is not a domain member.
If you are trying to do this for security reasons to prevent unauthorized computers from connecting to your servers, your best bet may more security at a lower level, like 802.11x authentication or something.
The only flaw is if the user knows the name of the share, they can still try and access it and may be prompted for their domain credentials even if the computer is not a domain member.
If you are trying to do this for security reasons to prevent unauthorized computers from connecting to your servers, your best bet may more security at a lower level, like 802.11x authentication or something.
ASKER
Dear TBone2K
Can you please explain what exactly you mean by " security at a lower level, like 802.11x authentication or something" what should I do?
Thanks
Can you please explain what exactly you mean by " security at a lower level, like 802.11x authentication or something" what should I do?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks for the points... just wanted to point out my typo... I meant 802.1x.