Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Restricting access to shared folder by IP address.

05 Apr 2017   #1
nektar

Windows 7 Ultimate x64
 
 
Restricting access to shared folder by IP address.

How do I grant access to local folder based on IP address?

I want to share my D volume only to another computer at my home via its local IP address (10.0.0.2 in this case). It will be shared as read only network folder (with some subfolders which cannot be accessed at all), and I will need to map it as a drive in the other PC. And if someone appear to connected to my router via Wi-Fi, he won't be able to access my shared folders (given the fact that his IP address is something like 10.0.0.3 or 10.0.0.5).

I already set the drive to be shared as read only by Authenticated Users (I made a non-admin user to be logged in to my PC), but apparently anyone who knows my username and password may access the files.

Is there any kind of network policies which allow only to a specific user in specific IP address to view and read my shared folder?

Thanks a lot...


My System SpecsSystem Spec
.
05 Apr 2017   #2
samuria

win 8 32 bit
 
 

Is the IP static as if it's via DHCP it would change. Is it just via Wi-Fi your blocking on a lot of routers there is an option called user isolation or similar this blocks all Wi-Fi from seeing local PC
My System SpecsSystem Spec
05 Apr 2017   #3
nektar

Windows 7 Ultimate x64
 
 

It is the local IP address of the computer. Not the external one, given by the ISP.
(Appears in "ipconfig /all" command as IPv4 address.)

For example, I have 4 devices connected to my router at home (by LAN or WiFi).

  1. PC for storage and work - Local IP: 10.0.0.1.
  2. PC for music / films / gaming / multimedia - Local IP: 10.0.0.2.
  3. Printer - Local IP: 10.0.0.3
  4. My Phone (via WiFi) - Local IP: 10.0.0.4

I want to share a folder at the work PC (10.0.0.1), only to be seen and accessed by the multimedia PC (10.0.0.2).
My System SpecsSystem Spec
.

09 Apr 2017   #4
Alejandro85

Windows 7 Ultimate x64
 
 

As far as I know, there is no built-in option for restricting access based on client IP, but rather only on user/password, then setting permissions on those. Windows will accept all connections from anywhere, as long as they provide the proper credentials.

You could use a firewall to restrict incoming connections on port 445 (the one used for the shared folders though the SMB protocol) only from specific hosts. Windows firewall for example is certainly capable of doing so. This however will block access entirely for those IPs, not only specific users.

I think, however, that your approach is not ideal at all. Putting a block on a particular IP address is not too complicated to bypass (any computer can choose its local address as long as it's not used). Moreover, in your first post you mention some things that may indicate deeper security problems than just an IP control:


Quote   Quote: Originally Posted by nektar View Post
And if someone appear to connected to my router via Wi-Fi
A better question would be, why would anyone be allowed into your wifi at all? If your router is only a private network, keep it private, put a strong password on it and don't share that with anyone you don't trust. Anyone else will be simply unable to even enter your local network, therefore unable to even see the computer hosting the protected shares.


Quote   Quote: Originally Posted by nektar View Post
but apparently anyone who knows my username and password may access the files.
Yes, that's totally correct. Problem is, nobody but you should ever know your password. That's true for every password you set (for instance, if I knew your SevenForums password, I would be able to impersonate you here). It seems to me that you protect your passwords only lightly and don't care with sharing them freely, so that's the main thing I would do is to proper ensure that your credentials are secret, as every system would assume that they are secret.
If you think that anyone knows your password, just change it and ensure only you know it. Doing so will prevent anyone else but you from accessing your computer.
My System SpecsSystem Spec
09 Apr 2017   #5
Barman58

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu
 
 

If you have the correct type of Router on your system you could add a whitelist of devices that are allowed to connect to your network. This list would not be based on the IP address of devices but on the MAC address which uniquely identifies every network capable device on the planet, (IP addresses in certain circumstances can be the same in different locations ).

The users would still need to know the SSID (name of the wireless you broadcast), plus the password,but would also have to be on the list of devices allowed to access.
You can change the name of the service and the password often which will help but MAC filtering will prevent access for anyone even if they have the credentials correct but are not an allowed laptop, phone, PC or game console

If you choose to go this route you would need to discover the MAC address of each network device you wish to allow and add it to the list of allowed devices. For full cover you would need to do this for Wireless ports and Ethernet Posts even if they are on the same system (laptops are normally this way Desktops less so.

If you can provide the full information of your router I will check to see if this is possible and the steps needed if this is so. if this is a unit supplied by your internet provider you may have to do a little research, Check the website of your Provider, but if you use a router from one of the actual manufacturers it should be straightforward
My System SpecsSystem Spec
09 Apr 2017   #6
Alejandro85

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by Barman58 View Post
This list would not be based on the IP address of devices but on the MAC address which uniquely identifies every network capable device on the planet, (IP addresses in certain circumstances can be the same in different locations ).

The users would still need to know the SSID (name of the wireless you broadcast), plus the password,but would also have to be on the list of devices allowed to access.
You can change the name of the service and the password often which will help but MAC filtering will prevent access for anyone even if they have the credentials correct but are not an allowed laptop, phone, PC or game console
MAC address filtering is known to be a very weak protection. For one, MACs aren't unique at all, but in rare cases can be duplicated. Moreover, they only need to be unique in a given network segment, certainly not globally unique.
But the real problem is that MAC addresses are really trivial to change with readily available software for every platform. In wifi, the MAC is also sent in plaintext before encryption takes place, so anyone can learn what MACs are actually valid, making it easy to bypass any filter if you really want. The SSID is also public and anyone can learn it. That's why my suggestion was to put the only secrecy in the password, that are mean to be secret anyway.

MAC filtering can maybe deter a few people (certainly many home users) but if you seriously care about security, you need to look into more serious methods.
My System SpecsSystem Spec
Reply

 Restricting access to shared folder by IP address.




Thread Tools




Similar help and support threads
Thread Forum
Unable to access shared folder in Win 7 homegroup via IP address
I have 3 Win-7 64 bit machines in a homegroup. MAC addressing enabled on the router. Machine A, B and C. All are in a homegroup. I want to share a folder on machine B to the rest of the group so I share with homegroup (read/write allowed). I jump on machine A and C to test, and am able to click...
Network & Sharing
Can't access from Win7 to XP shared folder
So yesterday I decided to set up and optimize my home network by creating shared folders and stuff. As an IT student I'm learning about security so I started by disabling all the Home Group config and creating users with passwords and enabling password authentication so everytime I want to access a...
Network & Sharing
Restricting access to shared network folders for specific Win7 pc's
Hi, I've been trying to find a solution online for several hours now, but have had no luck at all. I'll try my best to describe my situation as concisely as possible:- I have multiple family members in the household, along with two Win7 desktops and three Win7 laptops. All pc's are on the same...
Network & Sharing
Can't Access Shared Folder!
I have Windows 7 Professional x64. My pictures are located in this folder: L:\Users\<name>\My Pictures I want to share this folder with another user on my computer. Can't do it. Simply altering the folder's permissions doesn't work. If I change permissions so that the folder in question...
Network & Sharing
Canít get access to shared folder from one computer to
I have 2 windows 7 computers and i'm trying to share a folder (that I want password protection on) outside of the homegroup. Both computers are part of the same workgroup and I have the same user account/password combination on both computers plus I have password protected sharing turned on in...
Network & Sharing


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 01:12.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App