Windows NFS Server

Gcm Rukawa 1 Reputation point
2021-09-08T13:31:44.423+00:00

I have this Windows Server 2012 setup with NFS server.
On the Windows server, an NFS share is created with the default configuration, "All Machines" granted "Read/Write" access and root access.
There is no issue mounting the NFS share on any Linux server.

I wanted to restrict the mounting to only a single server instead of all servers.
Created another NFS share on the Windows Server, allowing only 1 host granted "Read/Write" and root access and set "All Machines" to "No-Access".
This seems to block all mounting including the host that is allowed. There is no way to remove the "All Machines" from the permissions.

How can I change the permission to only allow 1 host to be able to mount the Windows NFS share and deny mounting from all the other servers?
The host is in the same IP segment as the Windows server.


1 answer

  1. Limitless Technology 39,916 Reputation points
    2021-09-09T08:11:43.033+00:00

    Hello GcmRukawa,

    Unfortunately, the "All Machines" group is a default group and can't be removed; by default, computer accounts will have read access to the NFS share.

    However, the main recommendation is to enable Access-based Enumeration, which will allow you not to distinguish computer accounts but users. Independently of what the machine's permissions are, any "deny" permission will prevail over the "allow" permission in the machine accounts.

    You can read more about Access Based Enumeration here: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753731(v=ws.11)?redirectedfrom=MSDN#BKMK_NFS

    Hope this helps,
    Best regards,

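The permission layout described in the question, written with the cmdlets of the Windows Server NFS module so the resulting entries can be read back and compared with what the share's properties dialog shows. This is an added example, not part of the original question or answer; the share name `RestrictedShare`, the client name `linux-client01.example.internal` and the function name `Set-NfsSingleHostAccess` are placeholders chosen for illustration.

```powershell
# Added example. Share name and client host name are placeholders (assumptions).
# Requires the Server for NFS role and an elevated PowerShell session.
Import-Module NFS

function Set-NfsSingleHostAccess {
    param(
        [Parameter(Mandatory)] [string] $ShareName,
        [Parameter(Mandatory)] [string] $AllowedHost
    )

    # Fail early if the share does not exist.
    $null = Get-NfsShare -Name $ShareName -ErrorAction Stop

    # The built-in "All Machines" entry cannot be removed (as the answer notes),
    # so set it to no-access instead.
    Grant-NfsSharePermission -Name $ShareName -ClientName 'All Machines' `
        -ClientType builtin -Permission no-access

    # Grant exactly one client read/write with root access, as in the question.
    Grant-NfsSharePermission -Name $ShareName -ClientName $AllowedHost `
        -ClientType host -Permission readwrite -AllowRootAccess $true

    # Return the permission entries now stored on the share for review.
    Get-NfsSharePermission -Name $ShareName
}

Set-NfsSingleHostAccess -ShareName 'RestrictedShare' `
    -AllowedHost 'linux-client01.example.internal' |
    Format-Table -AutoSize
```

The table printed at the end should list one `host` entry for the allowed client and the `builtin` "All Machines" entry; any other entry means the share is exposed to more clients than intended.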
