How to prevent non-domain computers from accessing domain share folders by using domain users' credentials?

  • Question

  • Hi.

    I am using Windows Server 2008 R2 as a domain controller and another machine, also running Windows Server 2008 R2, as a file sharing server. When I access domain users' share folders with their credentials from non-domain computers, it opens.

    My question is: how to prevent non-domain computers from accessing domain share folders by using domain users' credentials?

    Monday, February 13, 2017 11:14 PM

All replies

  • I can't think of an "easy" way to do this using Windows Server 2008 R2. For the record, this sort of thing is trivial if the server OS is Windows Server 2012 R2 or Windows Server 2016.

    What you are looking to do is authenticate both the computer AND the user. The computer authentication is easy to provide for domain joined computers, just let Kerberos take care of it.

    I don't have a Windows Server 2008 R2 Server available to test with, but I suggest you investigate one of the following possible means to accomplish this task.

    1. Look at the options available with Windows Firewall on Windows Server 2008 R2 to see if there are options to require secure communications (these options exist on 2012).

    2. Look at creating a simple IPSec policy using GPO to require that client traffic to the file server establish a secure connection first using Kerberos. This will "just work" for domain joined machines, but non-domain joined machines won't be able to access the associated File & Print services on that file server.

    Good Luck.



    • Proposed as answer by Mike Jenne Tuesday, February 14, 2017 5:28 AM
    Tuesday, February 14, 2017 4:28 AM
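
The second suggestion in the reply above, sketched as `netsh advfirewall` connection security rules. This is an added example, not part of the original thread and not tested by its participants; the rule names and the file server address 192.0.2.10 are placeholders.

```batch
:: Added illustration. Rule names and 192.0.2.10 (file server IP) are
:: placeholders. Run from an elevated prompt, or define equivalent rules in a
:: GPO under Windows Firewall with Advanced Security > Connection Security Rules.

:: --- On the file server ---
:: Require IPsec authentication with the computer's Kerberos identity for
:: inbound SMB (TCP 445). A machine with no domain computer account cannot
:: complete the negotiation, whatever user credentials it would present later.
netsh advfirewall consec add rule name="Require computer auth for SMB" ^
    endpoint1=any endpoint2=192.0.2.10 protocol=tcp port1=any port2=445 ^
    action=requireinrequestout auth1=computerkerb

:: --- On domain-joined clients (normally delivered by GPO) ---
:: Clients must ask for IPsec when talking to the server's SMB port;
:: otherwise they send clear-text packets that the server rule drops.
netsh advfirewall consec add rule name="Request computer auth to file server SMB" ^
    endpoint1=any endpoint2=192.0.2.10 protocol=tcp port1=any port2=445 ^
    action=requestinrequestout auth1=computerkerb

:: --- Verify ---
:: List the connection security rules, then, after a domain client has opened
:: a share, confirm that a main-mode security association exists.
netsh advfirewall consec show rule name=all
netsh advfirewall monitor show mmsa
```

Deploying the server rule with `action=requestinrequestout` first, and switching it to `requireinrequestout` only once domain clients show security associations, avoids locking out clients that have not yet received the GPO.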
  • Mike Jenne 

    Thanks dear for your time and effort.

    I'll try your suggestions and I'll tell you what happens.


    Tuesday, February 14, 2017 4:52 PM
  • Hi Kareem ElOmda,

    Just to check if the above reply could be of help? If yes, you may mark that as answer, if not, welcome to feedback.

    Best Regards,



    Friday, February 17, 2017 7:36 AM
  • How is it trivial/actually done for Server 2012?
    Share Security - Domain Computers, NTFS Security - Specific Users/Groups?
    Why won’t it work in 2008?
    • Edited by Fedor T Friday, June 1, 2018 3:44 AM
    Friday, June 1, 2018 3:43 AM