How to block access to shares on domain computers from a work group computers?
In our company all workstations and servers are domain members. Some employees are allowed to use their personal laptops which are not domain members in the company network. The problem is that hey can access the shares in domain from their laptops by
entering the domain credentials when prompted as they already have domain user accounts. So, please help me to block them accessing domain shares from their workgroup latptops..
February 8th, 2012 10:14pm
You can use IPSec to allow network connections from domain-joined computers only or Firewall rules.
Also, you can assign personal laptops to separate VLAN, if your network devices support this feature.
Free Windows Admin Tool Kit Click here and download it now
February 9th, 2012 2:02am
Hi,
You can implement IPSec Domain Isolation. It can isolate domain members from non-domain members. All domain members would be able to connect to each other securely. Non-domain members would not be able to connect to any domain machine, as they are not successfully
authenticated.
For more information, please refer to:
Server and Domain Isolation
http://technet.microsoft.com/en-us/network/bb545651
IPSEC Domain Isolation
http://blogs.technet.com/b/networking/archive/2008/05/30/ipsec-domain-isolation-a-test-study.aspx
Hope this helps.
Regards,
Bruce
February 10th, 2012 4:19am
Hi,
You can implement IPSec Domain Isolation. It can isolate domain members from non-domain members. All domain members would be able to connect to each other securely. Non-domain members would not be able to connect to any domain machine, as they are not successfully
authenticated.
For more information, please refer to:
Server and Domain Isolation
http://technet.microsoft.com/en-us/network/bb545651
IPSEC Domain Isolation
http://blogs.technet.com/b/networking/archive/2008/05/30/ipsec-domain-isolation-a-test-study.aspx
Hope this helps.
Regards,
Bruce
Free Windows Admin Tool Kit Click here and download it now
February 10th, 2012 12:19pm