How to prevent users on unauthorized machines from w2k3 files

[Scott]

I want to prevent a user from accessing the fileshare if they come from an
unauthorized machine.
As of now, if Joe User brings in his personal laptop and plugs it into the
network, and tries to access a Windows 2003 file share, it prompts them for
username/password. If they enter their AD uname/pw, they can gain access.

How can I prevent authorized users on unauthorized machines from gaining
access to W2K3 file shares?

 

[Roger Abell [MVP]]

With what is included in Windows you need to decompose your
problem. It is not "how to prevent authorized user on unauthorized
machine" but "how to prevent any account on unauthorized machine".
That is, you can use such as IPsec to control what machines can
access the machine with the shares, which combined with NTFS
and share level permissions for user access control does allow
you to make sure that only allowed account may access the shares
from that machine when they are on allowed machines.

However, you probably need to take a step back and ask what
it is that you actually achieve. If they can bring a machine in
and out, then they easily can copy onto a usb device or use an
authorized machine to map a share from their unauthorized
machine and then copy to it via their login at an authorized
machine.

Roger

"Scott" <Scott@discussions.microsoft.com> wrote in message
news:F46B847A-5464-4C7B-B2F8-E18B01EB6C0C@microsoft.com...
>I want to prevent a user from accessing the fileshare if they come from an
> unauthorized machine.
> As of now, if Joe User brings in his personal laptop and plugs it into the
> network, and tries to access a Windows 2003 file share, it prompts them
> for
> username/password. If they enter their AD uname/pw, they can gain access.
>
> How can I prevent authorized users on unauthorized machines from gaining
> access to W2K3 file shares?