Re: File permissions based on machine?

Giganews Newsgroups
Subject: Re: File permissions based on machine?
Posted by:  Herb Martin (ne…
Date: Thu, 8 Feb 2007

"D.P. Roberts" <DProber…> wrote in message
> Please direct me to the appropriate group if this isn't the right place.

It probably isn't the right place but usually try to help anyway.

> Here's my question: How can I set file permissions on a directory that
> allows Authenticated Users access, but only IF they are logged on to a
> specific domain computer.

You cannot do that.

You can require that everyone be in your domain/trust relationship or
have a particular certificate to connect using tools like IPSec policies,
but you cannot easily do what you suggest AND let other users at
other computers  connect to the server shares.

> If they try mapping the share from home

Home is easier since presumably you can filter by IP address (using
IPSec filters even without IPSec enforcement is quite doable.)

> ...or logging on to a different domain computer, they should be denied
> access to the directory. Does anyone know if this is possible? I tried
> granting permissions to that computer in the directory's ACL and removing

No, you are just denying access to that COMPUTER ACCOUNT, not
to a user authenticated but working from there.

> Authenticated Users from the list, but could not access the directory when
> logged on to that computer - or any computer for that matter.
> Thanks in advance for any help with this...

You can require each user to be at a particular (set of) computers when
onto the domain.  Does that help?

User must be at one of  N (<10)  computers to logon, but then they cannot
use any other domain computers for direct logon.

Herb Martin, MCSE, MVP
(phone on web site)



In response to

File permissions based on machine? posted by D.P. Roberts on Thu, 8 Feb 2007