This question has been asked, but never fully answered. So I'm going to bring it up again, and share my work-arounds, and why I can no longer use a work-around.
Necessity:
I need to be able to allow "authenticated" computers to access file shares on a new file server. On our other file servers, authentication is handled by AD accounts (shares are assigned AD groups in their security settings, accounts must be in the proper groups to be able to access the share). Users can technically use whatever computer they'd like, as long as they have the proper credentials. I need to restrict usage to only specific computers, as well as specific users. Piece of cake, right?
Work-Around:
I've (in the past) done this by simply assigning the authenticated computers static IP addresses on the DHCP, so that I can then enter that IP into the "scope" section of the Windows Firewall. Done deal. Pretty simple. The problem is that there are a finite number of IP addresses, and some of the newer projects need a larger set of authenticated computers. Hence assigning a static IP address to each computer is not only inefficient, but it's implausible as this necessity grows.
Thoughts:
I've been trying to educate myself with IPSec as I see that there are some nice "Authorized Computers" and "Authorized Users" tabs under Windows Firewall rules. That's perfect! I can even assign a group of computers to make future management easier! Problem is, it doesn't work as easily as it says it will. I enter my computer name, and my user name, and I can't access the share. I suspect this has something to do with the mandatory changing of access from "Allow the connection" to "Allow the connection if it is secure..." Perhaps my connections are being flagged as "not secure" so no rules past that are processed and I'm not allowed access? I don't know.
How can I configure these "Authorized Computers" and "Authorized Users" tabs to work as I want them to (to work at all)? Do I need to configure the clients' connections to be something other than the default, so that the server sees them as secure?
Thanks
MFiebs