Re: Student workers & shared drive restrictions

[Brad Judy <win-hied () BRADJUDY COM>]

What about simply using the host firewall on the file server to only allow connections from departmental machines?  
This is the typical way to resolve this issue and I've used it many times.

Brad Judy

We're migrating to Active Directory, and I'm looking to use this as an
opportunity to remove generic student worker accounts.  Previously, each office
would have their own shared student worker account (i.e.,
Bursar_Student_Worker), which all student workers in that area would use to
login with.  I want to have each student login with their regular AD
credentials, but when and only when they are using computers in that department
will they have access to the department's shared drive.  If they login from a
non-department computer, they are unable to access that share.

Anyone have a way to configure accounts in AD so that the following happens?

User 1 (student worker) logs in to Computer A (dept computer) and gets access
to drive Q: (dept share)
User 1 logs in to Computer B (non-dept computer) and is unable to access drive
Q: (including if they try to manually map the drive)

Joe Bazeley
Information Security Officer
Miami University
Hoyt Hall 314
513-529-9252