We are using W2K3 Standard R2 SP2 as a file server. We grant access to the
share using share permissions and NTFS permissions and all works as it
should. We would also like to restrict which computers a user can access the
share from. User A has access to the share from Computer A but User A is
denied access to the share from Computer B. So far we have been unable to do
this. Any ideas would be appreciated.

Re: restrict access to file share by computer by Meinolf

Meinolf
Sat Mar 29 07:14:40 PDT 2008

Hello lansvcs,

What's the reason for this kind of configuration? If the user has access
to his files, he should have it on all machines. Creating a domain gives
you the big advantage that users can work from any workstation without configuring
a lot of local accounts.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> We are using W2K3 Standard R2 SP2 as a file server. We grant access
> to the share using share permissions and NTFS permissions and all
> works as it should. We would also like to restrict which computers a
> user can access the share from. User A has access to the share from
> Computer A but User A is denied access to the share from Computer B.
> So far we have been unable to do this. Any ideas would be
> appreciated.
>



RE: restrict access to file share by computer by lforbes

lforbes
Sun Mar 30 13:26:00 PDT 2008

Yes, that is by design. NTFS permissions are set via user account not via
what computer they are logged into. Group Policies don't affect NTFS
permissions.

For those computers you can use the loopback policy for that Computer OU
(where restricted computers are) and when a user logs into that computer it
sets severe group policies on the workstation including hiding access to My
network places, restricting access to map drives, hiding all drives in My
Computer etc.

This won't "prevent" users from accessing the server shares but will make it
pretty difficult especially if you block access to command or cmd (batch
files).

For the loopback policy search MS for more info. Basically you create an OU
for those restricted computers and a group policy for that OU. In the
computer configuration you enable the loopback policy and choose "merge" or
"override" and then in the User Configuration of the same policy set the
severe restrictions.

Cheers,
Lara

"lansvcs" wrote:

> We are using W2K3 Standard R2 SP2 as a file server. We grant access to the
> share using share permissions and NTFS permissions and all works as it
> should. We would also like to restrict which computers a user can access the
> share from. User A has access to the share from Computer A but User A is
> denied access to the share from Computer B. So far we have been unable to do
> this. Any ideas would be appreciated.
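
The loopback setup described in lforbes' reply, scripted as an added example that is not part of the original thread. It assumes the GroupPolicy PowerShell module (RSAT on a later management host; it does not exist on W2K3 itself), and the GPO name and OU path are hypothetical placeholders.

```powershell
# Added example, not from the thread. Requires the GroupPolicy module (RSAT).
Import-Module GroupPolicy

$GpoName = 'Restricted-Workstations-Loopback'            # hypothetical GPO name
$OuDn    = 'OU=RestrictedComputers,DC=example,DC=local'  # hypothetical OU holding the restricted computers

# Create the GPO and link it to the OU that contains the restricted computers.
New-GPO -Name $GpoName -Comment 'Loopback restrictions for restricted workstations' | Out-Null
New-GPLink -Name $GpoName -Target $OuDn -LinkEnabled Yes | Out-Null

# Computer Configuration: enable loopback processing.
# UserPolicyMode 1 = Merge, 2 = Replace.
$systemKey = 'HKLM\Software\Policies\Microsoft\Windows\System'
Set-GPRegistryValue -Name $GpoName -Key $systemKey `
    -ValueName 'UserPolicyMode' -Type DWord -Value 1 | Out-Null

# User Configuration of the same GPO: the restrictions named in the reply.
$explorer = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$userSettings = @(
    @{ Key = $explorer; Name = 'NoNetHood';              Value = 1 }         # hide My Network Places
    @{ Key = $explorer; Name = 'NoNetConnectDisconnect'; Value = 1 }         # remove Map Network Drive
    @{ Key = $explorer; Name = 'NoDrives';               Value = 67108863 }  # 0x03FFFFFF: hide drives A-Z
    @{ Key = 'HKCU\Software\Policies\Microsoft\Windows\System'
       Name = 'DisableCMD'; Value = 1 }                                      # block cmd.exe and batch files
)
foreach ($s in $userSettings) {
    Set-GPRegistryValue -Name $GpoName -Key $s.Key `
        -ValueName $s.Name -Type DWord -Value $s.Value | Out-Null
}

# Read the settings back so the configuration can be reviewed before it applies.
Get-GPRegistryValue -Name $GpoName -Key $systemKey -ValueName 'UserPolicyMode'
foreach ($s in $userSettings) {
    Get-GPRegistryValue -Name $GpoName -Key $s.Key -ValueName $s.Name
}
```

These settings only hide the usual routes to the share in the user's shell on those computers; the share and NTFS permissions on the server are unchanged.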