Hasler Chan <(E-Mail Removed)>
wrote in news:EE1EDBBF-5430-4D33-9BF6-(E-Mail Removed):
> Currently I have a Cisco VPN configured to allow VPN access for my
> clients. I plan to integrate the Cisco VPN with my 2003 AD to
> provide single logon. Can RRAS or IAS provide features such as:
>
> 1. Client A dials in to the Cisco VPN, IAS authenticates with AD, and AD
> authenticates client A as a Power user. This user is then able to access
> all servers in our LAN.
>
> 2. Client B dials in to the Cisco VPN, IAS authenticates with AD, and AD
> authenticates client B as a normal user. This user is then ONLY able to
> access the mail server.
>
> Some kind of user-based policy to restrict where this user can go. Can
> IAS or Windows RAS provide this feature?

The way that you do this with AD is that you create groups in AD and then
add the group to the access control list (ACL) of the network resources
that you want the group members to have permission to access. Thus
permissions are dictated by how each resource is ACLed and by which groups
are allowed access to the resource.

In addition, you can create remote access policies based on groups, which
provides you with a variety of ways to control access, including using IP
filters, restricting access at certain times of day and days of the week,
etc.

You can find more information on remote access policies and how to
authorize users with groups in the following Help topics:

Introduction to remote access policies
http://technet2.microsoft.com/Window...fbb-4df4-4b36-b14a-20cbbad434941033.mspx

Elements of a remote access policy
http://technet2.microsoft.com/Window...efd-4add-420a-8838-716d9de904951033.mspx

Remote Access Policies Examples
http://technet2.microsoft.com/Window...d9f-bcaf-4fa3-9f48-758d578e08b81033.mspx

--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
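
The group-based remote access policies described in the reply above, sketched as a simplified model. This is an added example, not part of the original posts and not IAS or Microsoft code; the group names, addresses, and hours are constructed assumptions, and the model covers only ordered first-match policy evaluation with a per-policy IP filter and time restriction.

```python
# Simplified model of ordered, group-based remote access policies.
# Not IAS code: group names, addresses and hours below are constructed.
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class Policy:
    name: str
    group: str                     # condition: user must be in this AD group
    grant: bool                    # remote access permission on match
    allowed_dests: tuple = ()      # profile: IP filter (reachable networks)
    hours: range = range(0, 24)    # profile: permitted hours of the day
    days: tuple = tuple(range(7))  # profile: permitted weekdays (0 = Monday)

# Constructed sample policies, listed in evaluation order.
POLICIES = [
    # "Client A": power users may reach the whole server LAN at any time.
    Policy("VPN power users", "VPN-PowerUsers", True, ("10.0.0.0/24",)),
    # "Client B": normal users may reach only the mail server, in work hours.
    Policy("VPN mail only", "VPN-MailOnly", True, ("10.0.0.25/32",),
           hours=range(7, 19), days=(0, 1, 2, 3, 4)),
]

def match_policy(groups, when):
    """Return the policy that admits this connection, or None if rejected.

    Evaluation stops at the first policy whose group condition matches;
    later policies are not consulted even if that policy denies access.
    A user who matches no policy is rejected.
    """
    for p in POLICIES:
        if p.group in groups:
            ok = p.grant and when.hour in p.hours and when.weekday() in p.days
            return p if ok else None
    return None

def may_reach(groups, when, dest):
    """Apply the matched policy's IP filter to a destination address."""
    p = match_policy(groups, when)
    if p is None:
        return False
    return any(ip_address(dest) in ip_network(n) for n in p.allowed_dests)

if __name__ == "__main__":
    monday = datetime(2024, 1, 8, 10, 0)
    print(may_reach({"VPN-MailOnly"}, monday, "10.0.0.25"))  # mail server
    print(may_reach({"VPN-MailOnly"}, monday, "10.0.0.40"))  # other server
```

Because the first matching policy wins, a user who belongs to both groups is handled by whichever policy is listed first, so policy order needs the same review as group membership.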