Re: Restricting VPN access



In the ISA Server management console, create a group "Restricted Users" and add
that account. Add two firewall access rules as follows:

1. Source: "VPN Clients"
Destination: "Internal"
Users: "All Users" except "Restricted Users".

2. Source: "VPN Clients"
Destination: "Server"
Users: "Restricted Users".

Good luck!

Boudewijn

"Matt Sullivan" <matt@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uBrADh0KGHA.2040@xxxxxxxxxxxxxxxxxxxxxxx
Finally got the VPN access working using ISA 2004 SP1. Now we would like
to restrict access for a specific domain account to one server on the
internal network.

Here are the things I tried:
1. Using Active Directory Users & Computers. Right-clicking on a machine
and denying access to a particular user. This appears to do nothing.

2. Going to a shared drive which we want to restrict access to. Going to
the permissions for the share. Removing everyone and adding specific
users (even adding deny access to the account we want to restrict). This
doesn't do anything either.

I've tried having the VPN user log out and back in to see if that helped.
It didn't.

The user I have testing this is logged into a laptop with a valid domain
account. He then uses an external connection and VPNs into the network
authenticating with the restricted account info. It has crossed my mind
that his valid domain account could be affecting the authentication, but I
would be surprised if Windows would use the other authentication without
asking.

I admit I am a developer, not a network admin (doing this because all the
other developers here don't want to and we don't really have a network
admin). The steps I tried are admittedly naive, but the documentation on
how to get this working is either terrible or non-existent. So far the
documentation I have read gives the 1000 ft view of how things operate.
These are great until things break or don't work. Then you have no idea
where/how to begin fixing them.

I'd appreciate any help anyone can provide.
--Matt


