Guest lansvcs Posted March 28, 2008 Posted March 28, 2008 We are using W2K3 Standard R2 SP2 as a file server. We grant access to the share using share permissions and NTFS permissions and all works as it should. We would also like to restrict which computers a user can access the share from. User A has access to the share from Compter A but User A is denied access to the share from Computer B. So far we have been unable to do this. Any ideas would be appreciated.
Guest Meinolf Weber Posted March 29, 2008 Posted March 29, 2008 Re: restrict access to file share by computer Hello lansvcs, What's the reason for this kind of configuration? If the user has access to his files, he should have it on all machines. Creating a domain gives you the big advantage that users can work from any workstation without configuring a lot of local accounts. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > We are using W2K3 Standard R2 SP2 as a file server. We grant access > to the share using share permissions and NTFS permissions and all > works as it should. We would also like to restrict which computers a > user can access the share from. User A has access to the share from > Compter A but User A is denied access to the share from Computer B. > So far we have been unable to do this. Any ideas would be > appreciated. >
Guest lforbes Posted March 30, 2008 Posted March 30, 2008 RE: restrict access to file share by computer Yes, that is by design. NTFS permissions are set via user account not via what computer they are logged into. Group Policies don't affect NTFS permissions. For those computers you can use the loopback policy for that Computer OU (where restricted computers are) and when a user logs into that computer it sets severe group policies on the workstation including hiding access to My network places, restricting access to map drives, hiding all drives in My Computer etc. This won't "prevent" users from accessing the server shares but will make it pretty difficult especially if you block access to command or cmd (batch files). For the loopback policy search MS for more info. Basically you create an OU for those restricted computers and a group policy for that OU. In the computer configuration you enable the loopback policy and choose "merge" or "override" and then in the User Configuration of the same policy set the severe restrictions. Cheers, Lara "lansvcs" wrote: > We are using W2K3 Standard R2 SP2 as a file server. We grant access to the > share using share permissions and NTFS permissions and all works as it > should. We would also like to restrict which computers a user can access the > share from. User A has access to the share from Compter A but User A is > denied access to the share from Computer B. So far we have been unable to do > this. Any ideas would be appreciated.
Recommended Posts