List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] [OT] Restricting Access

Prev Next

You are not authorized to post a reply.

Author

Messages

habr

Posts:25

05/06/2008 11:30 AM
Gurus, My Network Engineer, working on a huge HSM project just walked up to me and said, "I want to restrict access to Files\Folders on a server to a particular group of Users but >only< if, they are logged on to >specific< workstations." Can it be done? Ώ] Thanks for any help RH Ώ] Without having to hire joe to write some "wrapper(s)" ;-) _____________________________ Rocky Habeeb <> MCSA 2003 Microsoft Systems Administrator Sewall 136 Center Street, PO Box 433 Old Town, Maine 04468 Voice: 207.827.4456 Ext. 387 Email: habr@sewall.com sewall.com _____________________________ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx

danholme

Posts:127

05/06/2008 2:21 PM
This is not possible with ACL changes. The whole point with Windows' security model is that a user is performing actions with an identity unique to the user. The user's "current computer" is not part of the token generated on the server, so it cannot be used. You would have to have another mechanism, for example: > Remote Desktop (limit the systems from which RD can be used) > A proxy application that provides the document. For example, you could (pretty easily) write a web page that gives a link to the document. An ASP.NET web page can identify the requesting system and use that information to perform business logic like "show the link or not" (or "allow download or not"). > Do some other sort of security (e.g. IPSec, perhaps) mechanism that "allows" only the workstation(s) to connect to the server at all. -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rocky Habeeb Sent: Tuesday, May 06, 2008 5:25 AM To: activedir@mail.activedir.org Subject: [ActiveDir] [OT] Restricting Access Gurus, My Network Engineer, working on a huge HSM project just walked up to me and said, "I want to restrict access to Files\Folders on a server to a particular group of Users but >only< if, they are logged on to >specific< workstations." Can it be done? Ώ] Thanks for any help RH Ώ] Without having to hire joe to write some "wrapper(s)" ;-) _____________________________ Rocky Habeeb <> MCSA 2003 Microsoft Systems Administrator Sewall 136 Center Street, PO Box 433 Old Town, Maine 04468 Voice: 207.827.4456 Ext. 387 Email: habr@sewall.com sewall.com _____________________________ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] [OT] Restricting Access

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads