# How to deny access to shared folders



## nik007 (Aug 10, 2001)

How can I deny access to a shared drive if credentials used from a domain came via a PC on particular network or ip address.

So if a user attempted to access a mapped drive from a pc on a particular ip address (pc doesnt have to be on the domain) entering the credentials of a user on the domain, it will deny access based on a rule to deny access from a particular ip address or network.

Thanks


----------



## Squashman (Apr 4, 2003)

Should be able to deny by IP using IPsec.


----------



## nik007 (Aug 10, 2001)

thanks, but am i also able to create a rule that will allow that ip access using only a particular username and password, and deny on all other user names and password


----------



## Rockn (Jul 29, 2001)

Set your shares up to only allow authenticated users to have full access and remove the everyone group. Make your security on that share as granular as you like. Share level security is not where you should be applying any security, it is just the door.


----------



## Squashman (Apr 4, 2003)

That is not how IPsec works. I have no idea how you would allow only a single Username to login from a specific IP address. I do remember doing something like this with our Novell networks years ago but we no longer run Netware.


----------



## nik007 (Aug 10, 2001)

thanks guys, the problem i have is that users from outside the domain know of user names and passwords to accounts within the domain. i don&#8217;t want this to change its a complicated explanation so ignoring why it is the way it is. so what im looking for is a way to deny access if they use the login details say of a user from a domain users group. but if they use login details of a user that is not part of domain users they will have access

Thanks


----------



## Rockn (Jul 29, 2001)

Time to change passwords on a regular basis. If they know internal user names and passwords and they are from the outside of the domain why have any security at all? This seems like a good way to lose your job to me.


----------



## nik007 (Aug 10, 2001)

thanks for your adivse but i did indicate in the message to ignore why it is the way it is. i said that so i didnt have to hear what i already though. thanks for the reply regardless


----------



## Rockn (Jul 29, 2001)

It still makes no sense what you are trying to do. If you want outside users to have access to LAN resources you need to separate them from anything LAN related or you will open up a whole nuther can or worms. How about something like terminal services or VPN access? Do you know what network they are coming from?


----------

