giving change-permission to specific Computers and/or appl..

Toggle sidebar Toggle sidebar
bc4

bc4

Distinguished
Apr 20, 2004
772
0
18,990
Archived from groups: microsoft.public.win2000.security (More info?)

Hello,
Is it possible to assign permissions to a shared folder (on a file server)
so that only specific computers on the domain (regardless of the USER) can
change it's contents? Even better would be to give change-permission to
specific applications on specific machines. Would using Active Directory
give us any extra flexibility in this context?

Many thanks,
BC
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

No, but yes.
This cannot be done directly, but it can.
In other words, one only grants to principals - that is the
accounts which are accessing or groups in which they are
members.
So, one cannot grant to "that machine" and then have something
accessible to anyone logged into that machine; nor can one grant
to "application X on that machine" and then have some shared
area accessible to any account running application X on that
machine.
However, in a domain environment one can define a custom
group and then use this to control ability to log into "that machine"
or to "run application X on that machine", and also use this same
custom group to allow access to the shared area on some other
(or the same) machine. This in effect accomplishes what you
were looking to do.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"BC" <BC@discussions.microsoft.com> wrote in message
news:42A98370-E5F9-4AD9-9B14-070999DEAD36@microsoft.com...
> Hello,
> Is it possible to assign permissions to a shared folder (on a file server)
> so that only specific computers on the domain (regardless of the USER) can
> change it's contents? Even better would be to give change-permission to
> specific applications on specific machines. Would using Active Directory
> give us any extra flexibility in this context?
>
> Many thanks,
> BC
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

To add to what Roger advised you can use an ipsec negotiation policy in an
Active Directory domain to restrict which computers can access a server
[other than domain controller]. Though the computer itself could not be
assigned permissions to a share, you can then restrict which users can logon
to any computer and then configure your share permissions to be appropriate
for user groups. --- Steve


"BC" <BC@discussions.microsoft.com> wrote in message
news:42A98370-E5F9-4AD9-9B14-070999DEAD36@microsoft.com...
> Hello,
> Is it possible to assign permissions to a shared folder (on a file server)
> so that only specific computers on the domain (regardless of the USER) can
> change it's contents? Even better would be to give change-permission to
> specific applications on specific machines. Would using Active Directory
> give us any extra flexibility in this context?
>
> Many thanks,
> BC
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom