|
Posted by Steve Riley [MSFT] on November 19, 2007, 11:35 pm
Please log in for more thread options Firewalls or other network gyrations are not the way to solve this problem.
This is a data security problem, which is best solved using mechanisms
designed for that. In this case, that includes shared folders with proper
NTFS permissions. Define the permissions using access control lists composed
of security groups, which in turn are composed of individual user IDs.
--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
> Thanks for responding.
>
> Sorry, but two posible solutions are not valid forme.
> First, the firewall close port of all share resources.
> Second: that is posible, but i work in a educational center, where
> pupil´s data and teacher´s data are stored in a diferent
> server(server_pupìl, server_teacher). When a teacher connect to
> server_teacher, computer have a special ip and router pass traffic. While,
> if
> pupil tries connect to server_teacher, router stop traffic.
> Router pass traffic when a pupil connect to server_pupil
>
> But now are stored in one server, with two network cards.
>
> Any idea ?
>
>
>
> "apo" wrote:
>
>> yep, you can do that
>>
>> use a firewall, appoint a ip that cant communicate with a share port( but
>> im
>> so sorry i dont know the number of a share application port)
>>
>> but we've other choice
>>
>> use NTFS permissions and share folder permissions, you can appoint who
>> can
>> access the resource and who cant, this way can get a same effect with a
>> firewall, and they get more flexibility than a firewall
>>
>> > In a server with a dual network card, i need connect one ip to a
>> > network
>> > and
>> > other to diferent network card. This is no problem.
>> > But when share a resource, i need that only one interface can connect
>> > to
>> > share resource.
>> >
>> > Is possible ?
>> >
| 
XML Sitemap