Hello,
I have two virtual zones in my office, one "secure" and the other "public."
All PCs in the office are on the same domain.
Inside the secure zone, we have about 6 PCs, let's call them SECURE_PC1, SECURE_PC2., ...., SECURE_PC6.
There is also a SECURE_SERVER that hosts file shares, let's call them SECURE_SHARE1, SECURE_SHARE2, and so on.
Now, I would like to restrict access to these secure shares, such that only certain users can access them, provided that they are doing so from one of the secure PCs.
For example:
User Joe can access SECURE_SHARE1 if he is logged into SECURE_PC3.
But if the same user Joe tried to access SECURE_SHARE1 from his personal PC elsewhere in the office, he would not be able to.
What is the best way to achieve this kind of security?
The SECURE_SERVER is running Windows Server 2008 R2 Enterprise (SP1) and all SECURE_PCs are running Windows 7 Professional (SP1). The other PCs in the office are also running Windows 7 Professional (SP1).
Work out your groups carefully because a user can be in more than one group (does not have to be) and folder shares can overlap groups.
This all depends on user permissions, so Joe is secure or not secure but not both. A user using a non-secure PC would have to use a different userid.
... Thinkpads_User