
Folder permissions based on computer name instead of user name

Posted by Patrick D on June 21, 2008, 1:18 am
Everyone knows that you can set security permissions for a file or
folder (in NTFS) based on specific user accounts or groups. But can
you set the permissions based on a computer account or group?

I want to be able to deny access to specific folders or files based on
the computer account that is being used to access the server, rather
than the user account. I know how to use a loopback policy, that lets
me apply a user policy based on the computer account in the OU, but I
don't know if there is any policy (or preference) relating to
permissions on a specific folder on the server.

The scenario: we have a shared file resource and multiple versions of
different software that use that resource. Some versions of the
software use incompatible file formats. The software is installed on
various PCs. All I want to be able to do is block a person who is on a
specific computer from being able to access that file. I don't want to
block that person if they are on a computer that has the right
software version installed.

We can easily determine which PCs by user account name have the
correct software installed. Problem is how to translate that into GPO
settings when folder permissions in general aren't based around these.

Best I can think of, off the top of my head, is some of the security
policies like Restricted Groups etc. Maybe able to deny access to the
local installed applications on that machine? I don't know enough
about the local security policies to be able to work this one out by
myself.

Posted by Anthony [MVP] on June 21, 2008, 10:46 am
Patrick,
Although you can create a group of computer accounts and set a Deny for it,
that will affect the Local System account, not the user of the computer, so
it won't do what you want.
Normally you would do that by mapping a different drive, or setting a
different path in the application, rather than denying access. I can't think
of a way you would deny the user based on the computer they were coming
from,
Anthony,
http://www.airdesk.co.uk
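
The behaviour Anthony describes, modelled as a small access check. This is an added example, not part of the original thread: the domain, account, computer and group names are constructed, and the check is a simplification of how Windows evaluates a DACL.

```python
# Simplified model of a Windows DACL check. Added illustration with constructed
# names (CORP domain, alice, PC-OLD01, OldVersionPCs); not a real Windows API.
from collections import namedtuple

Ace = namedtuple("Ace", "kind trustee rights")  # kind: "deny" or "allow"

def network_token(account, groups, client_pc=None):
    """Identities the file server sees for an authenticated account.

    client_pc is deliberately ignored: the token is built from the account
    that authenticated, not from the workstation it connected from.
    """
    return frozenset({account, "Authenticated Users", *groups})

def access_check(token, dacl, wanted):
    """Walk ACEs in order; a matching deny on a still-needed right wins."""
    needed = set(wanted)
    for ace in dacl:
        if ace.trustee not in token:
            continue
        if ace.kind == "deny" and needed & ace.rights:
            return False
        if ace.kind == "allow":
            needed -= ace.rights
        if not needed:
            return True
    return False

# DACL on the shared folder, deny ACE first (canonical order).
DACL = [
    Ace("deny", r"CORP\OldVersionPCs", {"read", "write"}),
    Ace("allow", "Authenticated Users", {"read", "write"}),
]

def demo():
    alice_groups = [r"CORP\Domain Users"]
    pc_groups = [r"CORP\Domain Computers", r"CORP\OldVersionPCs"]
    return {
        "alice@PC-OLD01": access_check(
            network_token(r"CORP\alice", alice_groups, "PC-OLD01"), DACL, {"read"}),
        "alice@PC-NEW07": access_check(
            network_token(r"CORP\alice", alice_groups, "PC-NEW07"), DACL, {"read"}),
        "PC-OLD01$ (Local System)": access_check(
            network_token(r"CORP\PC-OLD01$", pc_groups), DACL, {"read"}),
    }

if __name__ == "__main__":
    for who, ok in demo().items():
        print(f"{who:26} -> {'allowed' if ok else 'denied'}")
```

The deny ACE only ever matches the machine account itself, so the user is allowed from either PC.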





