Server 2003.. setup a share directory that requires all users to connect from domain computers

[brxndxn]

What is the easiest way to set up a share directory that requires all users to connect from a domain computer?

All over google, I see stuff like kerberos, certificate authority, ipsec, etc.. WTF.. isn't there just some way to add 'domain computers' as a requirement to access a share?

 

[imported_snikt]

What you can do is remove Everyone from the ACL list and add Authenticated Users. In that way only users that have been authenticated through the DC will be granted access to the share. From there you can get as granular as needed in the Advanced options. Hope that's what you were referring to.

 

[yinan]

The methods you mentioned are the only ways to enforce connecting to a share from a domain computer. Anyone can authenticate to a server from any machine by typing \\servername\sharename even if the everyone group is removed from the Share ACL.

Yinan

 

[TheKub]

Again what you are looking to do is beyond the scope of NTFS\Share rights. When you access one it only cares about the user account because its the user that is accessing the data NOT the computer.

I suppose a hack would be, if the non domain PCs do not need to access the server AT ALL you can put in a bogus entry in all the non-domain PC Host files. Easily worked around if you know about networking but it may fool the average Joe. Again this will effect ALL communications to that server from those machines.