Thanks for the reply Bill.
That's true, however, to give these people VPN access I need to create
them on the server as a user and at a minimum they can use their user
name and password to attempt to access shares on the network. Also, by
default they will be given access to anything available to the
everyone, authenticated users, and network groups. Not so sure about
the network group. The problem is that there are many shares created
already and I don't want to have to go to each share on the server and
remove those groups because that might actually be a problem for some
of the shares like the public share. I imagine that I could place all
the other users and put them in a group (say the other users group)
then somehow deny access to everything except dial in. The problem is
that I don't know of any policy that will allow me to do that.
Anyone have any suggestions?
Joe
Bill Grant wrote:
> A VPN connection gives you an IP connection to the network. Remote access
> policies are only concerned with whether a user has the right to connect.
> What files the remote user can access is a completely different issue.
>
> "CoolHandJoe" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> > Hi all
> >
> > Recently a client of mine asked to setup some users to have access to
> > the network via VPN but not to anything else. It turns out there is
> > another company in the office and they have resources that are not
> > managed by the Windows 2003 server domain. They want to give them
> > access but restrict access to all domain resources. I know that for
> > the most part shares are controlled by an ACL but it is possible to
> > have shares available to the everyone group and they would like that to
> > be restricted as well. Is it possible to restrict that without having
> > to go to every share and explicitly denying the other group access to
> > everything?
> >
> > Joe
> >
|
Similar Threads
Linear Mode
