Here is the scenario. I have a Windows server 2003 domain with two DC's. This is an educational environment with roughly 3,000 computers and 30,000 users. Students are logging in with their own unique credentials. My issue is that there are multiple computer labs that need a share configured to allow only computers in that lab to access it, regardless of which user is logged in. For example, the graphics lab wants a share to distribute files to the students and store stock images and whatnot. The only people that need to access that share are the students in a graphics course, and only when they are in that lab. I could add all the graphics students to a a group and grant that group access to the share, but managing the group membership would be a nightmare! This would also not prevent them from accessing it when they are not logged in from the lab.
I have done a tremendous amount of research on this issue and so far I have not come up with an answer. Most of what I have read says what I want to do is not possible, but it seems like this scenario would come up often. If it is not possible, then I need a workaround so hopefully everyone here can help me out.