Advanced Windows PowerShell Scripting Video Training

Advanced Windows PowerShell Scripting Video Training
Advanced Windows PowerShell Scripting Video Training

Thursday, May 24, 2012

How to prevent Domain Users from Authenticating to a WDS Share

By default, authenticated users can connect to a WDS share and read the .wim files.  When a user performs a PXE boot using the boot image provided by WDS, their domain credentials can be used for authentication.  This is the default behavior for the share.

image

If this is not desirable in your environment, create a new security group that contains the users that you want to be able to access the share. Grant this group the ability (at minimum) to Read & Execute,  List Folder Contents, and Read. Then remove the Authenticated Users group.

Once this is completed, if a user attempts to authenticate to the WDS server, this is what they see:

image

The user will not be presented with any images.

 

If the user is in the correct security group, they will get a listing of the available images to select from.

 

image

No comments: