none
How To prevent non-domain computers from accessing domain share folders by using domain users`s credentials ?

    Pregunta

  • Hi.

    i am using windows server 2008 R2 as a domain controller and another machine with windows server 2008 R2 also as file sharing server and when i am accessing domain users`s share folders by their credentials from non domain computers it opens .

    my question is How To prevent non-domain computers from accessing domain share folders by using domain users`s credentials ?

    lunes, 13 de febrero de 2017 23:14

Todas las respuestas

  • I can't think of an "easy" way to do this using Windows Server 2008 R2. For the record, this sort of thing is trivial if the server OS is Windows Server 2012 R2 or Windows Server 2016.

    What you are looking to do is authenticate both the computer AND the user. The computer authentication is easy to provide for domain joined computers, just let Kerberos take care of it.

    I don't have a Windows Server 2008 R2 Server available to test with, but I suggest you investigate one of the following possible means to accomplish this task.

    1. Look at the options available on with Windows Firewall on Windows Server 2008 R2 to see if there are options to require secure communications (These options exist on 2012).

    2. Look at creating a simple IPSec policy using GPO to require client traffic to the file server establish a secure connection first using Kerberos. This will "just work" for domain joined machines, but non-domain joined machines won't be able to access the associated File & Print services on that file server.

    Good Luck.

    MJ


    MJ

    • Propuesto como respuesta Mike Jenne martes, 14 de febrero de 2017 5:28
    martes, 14 de febrero de 2017 4:28
  • Mike Jenne 

    Thanks dear for your time and effort

    i`ll try your suggestions and i`ll tell you what will happen with me

    thanks 

    martes, 14 de febrero de 2017 16:52
  • Hi Kareem ElOmda,

    Just to check if the above reply could be of help? If yes, you may mark that as answer, if not, welcome to feedback.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    viernes, 17 de febrero de 2017 7:36
    Moderador
  • How is it trivial/actually done for Server 2012?
    Share Security - Domain Computers, NTFS Security - Specific Users/Groups?
    Why won’t it work in 2008?
    • Editado Fedor T viernes, 1 de junio de 2018 3:44
    viernes, 1 de junio de 2018 3:43