Is it possible to restrict fileserver access to domain users using computers that are members of the domain?

Posted by Chris Madden on Server Fault See other posts from Server Fault or by Chris Madden
Published on 2010-12-20T15:51:38Z Indexed on 2010/12/21 12:55 UTC
Read the original article Hit count: 268

Filed under:

windows-domain

It seems domain isolation can be used to accomplish, but I'd like a solution that doesn't require IPsec, or more accurately, doesn't require IPsec on the fileserver. IPsec if done in software has a large CPU overhead and our NAS boxes don't support any kind of offload.

The goal is to avoid authenticated users using non-managed machines to access network resources. Network Access Protection (NAP) and the various enforcement points looked promsiing but I couldn't find a bulletproof way to use them [which doesn't require IPsec on the fileserver].

I was thinking when a domain user accesses the NAS box it will first need a Kerberos ticket from AD, so if AD could somehow verify the computer that was requesting the ticket was in the domain I'd have a solution.

Related posts about windows-domain

Cancel Windows Domain Membership durin Suse installation

as seen on Super User - Search for 'Super User'
Hi, I am installing SUSE 11.2, and went with the default options, now it reached the point of "Windows Domain Membership". At job I do not remember the right names, so I tried some but I get an error message which says "cannot use the group "WORKGROUP" for Linux authentication", etc. So I would… >>> More
Cancel Windows Domain Membership durin Suse installation

as seen on Server Fault - Search for 'Server Fault'
0 vote down star Hi, I am installing SUSE 11.2, and went with the default options, now it reached the point of "Windows Domain Membership". At job I do not remember the right names, so I tried some but I get an error message which says "cannot use the group "WORKGROUP" for Linux authentication"… >>> More
Windows Domain Controller: Create a test environment from a production environment

as seen on Server Fault - Search for 'Server Fault'
I need to create a working test environment of a domain we have. I need to have all the data from the production environment in the test environment. What is the best way to go about doing this? Here are some ideas I have but I am not sure if there is a better/recommended way of doing this. Use… >>> More
Why is the DNS on my Windows Server 2012 not authoritative according to dig?

as seen on Server Fault - Search for 'Server Fault'
This is me trying to understand something rather than a real problem. I have a new Windows Server 2012 Essentials. That server provides, DNS, DHCP etc. Lets say my Windows domain is my-windows-domain and the server's host name is my-server. The domain's DNS zone is my-windows-domain.local. The server's… >>> More
Granting rights to Windows domain Users in Ubuntu?

as seen on Stack Overflow - Search for 'Stack Overflow'
I've connected an Ubuntu 9.10 server to my Windows domain with Likewise Open. I am able to log into the server with my domain account (as DOMAIN\user), but my administrative rights don't carry over. How can I grant admin rights to domain user accounts? >>> More

Developer IT