I have Windows 2003 servers in an Active Directory 2003 domain on I currently restrict access to shares by group memberships. I want to know if it is also possible to restrict access to shares such that an authorized user can only access the share from a designated machine as well?
My first thought was firewalling but the servers each have multiple shares so I have to let most hosts access the server by TCP/IP and firewall rules are not an option.
Although the users are currently restricted by their group memberships, it would be nice to also say that user X can only access this share when authenticated from machineY.
Can this be done in standard M$ ntfs/share permissions using AD?