Re: File permissions based on machine?

Giganews Newsgroups
Subject: Re: File permissions based on machine?
Posted by:  Herb Martin (ne…@LearnQuick.com)
Date: Thu, 8 Feb 2007

"D.P. Roberts" <DProber…@pbride.com> wrote in message
news:eZwpHp7SHHA.12…@TK2MSFTNGP06.phx.gbl...
> Please direct me to the appropriate group if this isn't the right place.

It probably isn't the right place but usually try to help anyway.

> Here's my question: How can I set file permissions on a directory that
> allows Authenticated Users access, but only IF they are logged on to a
> specific domain computer.

You cannot do that.

You can require that everyone be in your domain/trust relationship or
have a particular certificate to connect using tools like IPSec policies,
but you cannot easily do what you suggest AND let other users at
other computers  connect to the server shares.

> If they try mapping the share from home

Home is easier since presumably you can filter by IP address (using
IPSec filters even without IPSec enforcement is quite doable.)

> ...or logging on to a different domain computer, they should be denied
> access to the directory. Does anyone know if this is possible? I tried
> granting permissions to that computer in the directory's ACL and removing

No, you are just denying access to that COMPUTER ACCOUNT, not
to a user authenticated but working from there.

> Authenticated Users from the list, but could not access the directory when
> logged on to that computer - or any computer for that matter.
>
> Thanks in advance for any help with this...

You can require each user to be at a particular (set of) computers when
logging
onto the domain.  Does that help?

User must be at one of  N (<10)  computers to logon, but then they cannot
use any other domain computers for direct logon.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

Replies

None

In response to

File permissions based on machine? posted by D.P. Roberts on Thu, 8 Feb 2007