Posted by moncho on October 11, 2007, 7:10 am
DaveMo wrote:
>> Windows 2003 Std as DC
>> Windows 2003 Std as File Server
>> Windows 2003 Std as TS Server
>>
>> FS has a shared drive of F:\SD
>> TS needs Full Control of F:\SD\DATA$ for
>> the main business application
>>
>> All internal and external users log on to
>> TS server to access the business application.
>> The TS is using UNC Pathing \\FS\SD\DATA$.
>>
>> What I would like to do is set up the shared
>> drive and NTFS permissions so that all
>> authenticated users have R+W access but
>> ONLY from the TS server and no access from their
>> local workstation.
>>
>> I hope that came out correctly and is possible.
>>
>> I am thinking that I should add all computer
>> accounts, except TS computer, to a Security Group
>> and then deny access for that Security Group.
>>
>> Am I correct in my thinking on this?
>>
>> Thanks.
>>
>> moncho
>
> Hello Moncho,
>
> No, there's no way you can do this through the ACL on the file share.
> When the users log on to the TS and then connect to the file server
> the authentication will be as the user. The fact that they came
> through the TS box is irrelevant as far as the ACL/FileShare security
> is concerned. It's very easy to solve this challenge using IPSEC,
> however. A simple policy that only allows access from the TS box
> should do the trick.
Thanks Dave.
I will look into this.
moncho
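
The IPsec approach suggested in the reply, sketched as an added example (not part of the original thread or written by either poster): a local IPsec policy on the file server that blocks inbound SMB from every address and permits it only from the TS box. The policy, filter list and filter action names are hypothetical, and 192.0.2.10 is a placeholder for the TS server's static IP address.

```batch
rem Added example. Run on the file server (FS) from an administrative command prompt.
rem 192.0.2.10 is a PLACEHOLDER for the TS server's address; all names below are hypothetical.

rem 1. Create the policy container.
netsh ipsec static add policy name="SMB-TS-Only" description="Allow SMB only from the TS server"

rem 2. Filter list matching inbound SMB (TCP 445 and 139) from any address.
netsh ipsec static add filterlist name="SMB-From-Any"
netsh ipsec static add filter filterlist="SMB-From-Any" srcaddr=any dstaddr=me protocol=TCP dstport=445 mirrored=yes
netsh ipsec static add filter filterlist="SMB-From-Any" srcaddr=any dstaddr=me protocol=TCP dstport=139 mirrored=yes

rem 3. Filter list matching inbound SMB from the TS server only.
netsh ipsec static add filterlist name="SMB-From-TS"
netsh ipsec static add filter filterlist="SMB-From-TS" srcaddr=192.0.2.10 dstaddr=me protocol=TCP dstport=445 mirrored=yes
netsh ipsec static add filter filterlist="SMB-From-TS" srcaddr=192.0.2.10 dstaddr=me protocol=TCP dstport=139 mirrored=yes

rem 4. Filter actions: one blocks, one permits without negotiation.
netsh ipsec static add filteraction name="Block-Traffic" action=block
netsh ipsec static add filteraction name="Permit-Traffic" action=permit

rem 5. Rules. The IPsec driver applies the most specific matching filter, so the
rem    single-source permit for the TS address takes precedence over the block-from-any.
netsh ipsec static add rule name="Block SMB from all" policy="SMB-TS-Only" filterlist="SMB-From-Any" filteraction="Block-Traffic"
netsh ipsec static add rule name="Permit SMB from TS" policy="SMB-TS-Only" filterlist="SMB-From-TS" filteraction="Permit-Traffic"

rem 6. Assign the policy so it takes effect, then review what was created.
netsh ipsec static set policy name="SMB-TS-Only" assign=y
netsh ipsec static show policy name="SMB-TS-Only" level=verbose
```

A policy like this applies to every share on the file server, not only `DATA$`, so any other host that needs SMB access to FS requires its own permit filter. The permit is keyed on source IP address alone; the NTFS and share ACLs still decide which users get R+W.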