Restricting a windows file-share to certain domain users AND certain domain computers
Posted on 2012-12-27
I have two virtual zones in my office, one "secure" and the other "public."
All PCs in the office are on the same domain.
Inside the secure zone, we have about 6 PCs, let's call them SECURE_PC1, SECURE_PC2., ...., SECURE_PC6.
There is also a SECURE_SERVER that hosts file shares, let's call them SECURE_SHARE1, SECURE_SHARE2, and so on.
Now, I would like to restrict access to these secure shares, such that only certain users can access them, provided that they are doing so from one of the secure PCs.
User Joe can access SECURE_SHARE1 if he is logged into SECURE_PC3.
But if the same user Joe tried to access SECURE_SHARE1 from his personal PC elsewhere in the office, he would not be able to.
What is the best way to achieve this kind of security?
The SECURE_SERVER is running Windows Server 2008 R2 Enterprise (SP1) and all SECURE_PCs are running Windows 7 Professional (SP1). The other PCs in the office are also running Windows 7 Professional (SP1).