DirectAccess remove access to UNC drives?

I've set up my first DirectAccess site (for a school with a notebook program). Connection is working fine through our TMG 2010 DMZ (2 NICs) routing traffic to the DA server (single NIC).

The initial reason for using DirectAccess was to push students into using the school's filtered proxy server for Internet access from home. We want to be able to restrict access to network shares while at home, but still allow access at school. I've tried to set a deny permission for the DA$ server itself, but that hasn't helped. The shares are hosted on the DC, which also hosts DNS via AD Integrated.

It's actually not the students we are worried about in this situation; we are more worried about parents browsing the network, which may have student photos and other data.

If we could restrict via specific shares, that would be a better scenario. This way we could allow them access to their Home drive, while denying access to the photos and shared drives.

April 27th, 2015 7:47pm

Hi,

From a network point of view, when you try to connect to a UNC share through DirectAccess, it's your DirectAccess Gateway's internal network card that your file share sees. You can put in an outbound firewall rule that blocks outgoing SMB going to your file share (on your DirectAccess Gateway), or create an incoming firewall rule that blocks SMB traffic coming from the internal network card of your DirectAccess Gateway (on your file share).

Restricting to a specific share is a little more problematic.

April 28th, 2015 3:23am
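The inbound rule described in the reply above could look like the following on the file server. This is an added example, not part of the original thread. It assumes Windows Server 2012 or later (NetSecurity module) and that, as the reply states, the file server sees DirectAccess clients as the gateway's internal address; the IP address and rule name are constructed placeholders.

```powershell
# Added example: run in an elevated session on the file server.
# 192.0.2.10 is a constructed placeholder for the DirectAccess gateway's internal NIC address.
param(
    [string[]]$GatewayInternalAddress = @('192.0.2.10'),
    [string]$RuleName = 'Block SMB from DirectAccess gateway'   # hypothetical rule name
)

$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue

if ($existing) {
    # Rule already exists: refresh the source address and make sure it is enabled.
    $existing | Set-NetFirewallRule -RemoteAddress $GatewayInternalAddress -Enabled True
} else {
    # Block SMB (TCP 445) and NetBIOS session service (TCP 139) from the gateway only.
    # Windows Firewall evaluates block rules before allow rules, so this overrides
    # the built-in "File and Printer Sharing" allow rules for that one source address.
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Block `
        -Protocol TCP -LocalPort 445, 139 `
        -RemoteAddress $GatewayInternalAddress `
        -Profile Any | Out-Null
}

# Report what is actually in effect so the change can be reviewed.
Get-NetFirewallRule -DisplayName $RuleName | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Action        = $_.Action
        RemoteAddress = $addr.RemoteAddress -join ','
        LocalPort     = $port.LocalPort -join ','
    }
}
```

Because the shares in this thread live on the DC, a rule like this also cuts DirectAccess clients off from SYSVOL and NETLOGON on that server, so Group Policy refresh over the tunnel would fail against it. It also blocks every share on the host, including the Home drives the question wants to keep reachable.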
