Hello,
I'm trying to understand whether I'm the one who's crazy, doing something wrong, or whether Windows Firewall was designed to be broken (and stay that way through Windows Server 2008 R2!)
When I go to Windows Firewall with Advanced Security from the Start Menu and edit the Inbound Rule for "File and Sharing (SMB-in)", the result I am seeking is that I can restrict access by both user and computer.
Upon enabling the rule, and selecting the "Allow the connection if it is secure" option (and nothing else), the firewall obliges by denying any and all attempts by other computers to map or browse files.
When I enter the name of one PC in the Computers tab under the "Allow connections from these computers", again the firewall obliges and the said PC can now browse and map to shares on that server. HOWEVER, now other computers on the network are able to do the same, as long as they have any set of verifiable credentials (like a local user/admin or domain user/admin, etc). Trying to restrict by user or by IP yield almost identical results. Both those who I do and do not want are able to access files on the said server.
My question is this: how is this firewall rule supposed to work? What do we have to do to actually make it accept and reject connections based on the criteria we have provided?
My goal is to only allow SMB access to a user IF they log in from a particular computer or group of computers.
Any help would be GREATLY appreciated!
Waqqas