restrict shared folder to specific computers only

  • Question

  • Hi,

    Is there a way that a domain-joined computer, in addition to read/write permission granted on user identity, can control file share permission to

    a) specific computer name(s)

    b) specific program (only a specific program should be able to write to the share from an allowed computer)

    I have a shared folder which grants write permission to a specific service account. I want only the program running from specific computers (running with the specific service account) to have write access; for all other computers access should fail (even if running with the same service account).

    Example: \\destinationMachine\ShareFolder has granted write permission to account1, computer1 and myprogram.exe

    myprogram.exe running from computer2 running with account1 (same account) should not be able to write as computer2 is not granted permission.

    If this can be done using Windows Firewall, what exactly are the steps to do it (which rule should be added or modified)?

    Thanks


    singhhome

    Thursday, April 23, 2015 6:08 PM

All replies

  • In the Windows Firewall, you can specify that you will only allow [SMB] connections if they are secured by IPsec. When you select this, you get the option in the 2nd screenshot. The firewall doesn't control read vs. write, however. It would allow or disallow the connection. You would then control read/write with the usual Share/NTFS mechanisms. Of course, the ACL can contain entries consisting of user or computer principals.



    Mike Crowley | MVP
    My Blog -- Baseline Technologies


    Friday, April 24, 2015 12:07 AM
  • Thanks Mike for the reply. I have tried it but it's not working. Below is what I have done:

    1. Enabled IPsec on the server and client machine

    2. On the server, created a firewall inbound rule to block all SMB requests

    3. On the server, created a firewall inbound rule to allow if the connection is secured, with the override block flag selected, and provided the remote computer name to be allowed

    With this, the client is not able to access the file share. I can see in the firewall log that the request was dropped.

    Is there a way to check details in the firewall, i.e. which rule is blocking client access?

    Thanks


    singhhome

    Tuesday, May 12, 2015 5:05 AM
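
The three steps listed in the last post, written out as the equivalent PowerShell on the file server. This is an added example, not part of the original thread: the domain name `CONTOSO` is a placeholder, the rule display names are constructed, and Kerberos computer authentication is assumed as the IPsec method.

```powershell
# Added example: run elevated on the file server (destinationMachine).
# Assumptions: CONTOSO is a placeholder domain; display names are constructed.
$allowed = 'CONTOSO\computer1$'   # computer account permitted to reach the share

# Resolve the computer account to its SID and build the SDDL string
# that -RemoteMachine expects.
$sid  = ([System.Security.Principal.NTAccount]$allowed).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
$sddl = "D:(A;;CC;;;$sid)"

# Step 1: connection security (IPsec) rule. Inbound SMB must authenticate
# with the computer's Kerberos identity. The client needs a matching rule
# (remote port 445) or negotiation never completes and packets are dropped.
$prop = New-NetIPsecAuthProposal -Machine -Kerberos
$auth = New-NetIPsecPhase1AuthSet -DisplayName 'SMB computer Kerberos' -Proposal $prop
New-NetIPsecRule -DisplayName 'Require IPsec for inbound SMB' `
    -Protocol TCP -LocalPort 445 `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $auth.Name

# Step 2: block all inbound SMB by default.
New-NetFirewallRule -DisplayName 'Block inbound SMB' `
    -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block

# Step 3: allow SMB only when the connection is IPsec-authenticated AND the
# authenticated computer is in the SDDL list; this rule overrides the block.
New-NetFirewallRule -DisplayName 'Allow SMB from computer1 (IPsec)' `
    -Direction Inbound -Protocol TCP -LocalPort 445 -Action Allow `
    -Authentication Required -OverrideBlockRules $true -RemoteMachine $sddl

# Check: list every enabled inbound rule that covers TCP 445, so an
# unexpected block or allow rule on the same port is visible.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '445' } |
    Select-Object DisplayName, Action, Enabled
```

As the first reply notes, these rules only allow or disallow the connection; read versus write is still controlled by the Share/NTFS ACL on the folder.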