Re: Deny VPN access to machines not in domain

From: Don Williams (Don.Williams_at_NOcMoreMedicalSPAM.com)
Date: 09/22/04


Date: Wed, 22 Sep 2004 09:05:49 -0500

Thanks. In reading the referenced link I see that running a client side
process is required in addition to having additional network side hardware.
It's too bad MS didn't offer a simple server side only gatekeeping function.
Thanks.
  Don Williams

"Miha Pihler" <mihap-news@atlantis.si> wrote in message
news:uSFXNmznEHA.3868@TK2MSFTNGP11.phx.gbl...
> Hi Don,
>
> This might not be simplest thing to do, but it is possible. What you need
> to set up is VPN Quarantine and write a script. This script can check for
> all sort of things, e.g. is computer up-to-date with patches, is personal
> firewall enabled, is antivirus running and is it up-to-date ... and the
> feature that you need -- to check if computer is member of domain. If it is
> not you can show user an error (e.g. Computer is not member of domain) and
> disconnect it. You can also check if Domain Administrator is still member
> of Local Administrator group etc...
>
> For more details check this article:
>
> Network Access Quarantine Control
>
> http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/all/deployguide/en-us/dnsbg_rac_lwaq.asp
>
> I hope this helps,
>
> Mike
>
> "Don Williams" <Don.Williams@NOcMoreMedicalSPAM.com> wrote in message
> news:OIx5QXynEHA.2300@TK2MSFTNGP10.phx.gbl...
> > We are using MS W2K3 server as a VPN server. We are using AD2K3 for
> > security. Is there an easy way to deny login through the VPN for valid
> > users connecting from hardware that is not part of the domain, e.g., their
> > home PC? If we want 'em to connect remotely we give 'em a laptop. Thanks.
> > Don Williams
> >
> >
>
>
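
The client-side checks described in the quoted reply (domain membership, and Domain Admins still present in the local Administrators group), as an added example that is not part of the original thread and not Microsoft's quarantine script. It assumes current PowerShell cmdlets rather than the 2004-era tooling, uses `corp.example.com` as a constructed placeholder domain, and leaves reporting the result to the VPN server to the notifier component covered in the linked guide.

```powershell
# Added example: client-side posture check for a VPN quarantine script.
# $ExpectedDomain is a constructed placeholder; substitute your AD DNS domain name.
param(
    [string]$ExpectedDomain = 'corp.example.com'
)

function Test-DomainMembership {
    param([string]$Domain)
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    # PartOfDomain is $false for workgroup machines (e.g. a home PC).
    if (-not $cs.PartOfDomain) {
        return 'Computer is not a member of a domain'
    }
    # -ne on strings is case-insensitive, which matches DNS domain name semantics.
    if ($cs.Domain -ne $Domain) {
        return "Computer is joined to '$($cs.Domain)', expected '$Domain'"
    }
    return $null
}

function Test-DomainAdminsIsLocalAdmin {
    # S-1-5-32-544 is the built-in Administrators group; Domain Admins has RID 512.
    try {
        $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    } catch {
        # Treat an unreadable group as a failed check rather than a pass.
        return "Could not enumerate local Administrators: $($_.Exception.Message)"
    }
    $found = $members | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-512$' }
    if (-not $found) {
        return 'Domain Admins is not in the local Administrators group'
    }
    return $null
}

# Collect only the checks that returned a failure message.
$failures = @(
    @(
        Test-DomainMembership -Domain $ExpectedDomain
        Test-DomainAdminsIsLocalAdmin
    ) | Where-Object { $_ }
)

if ($failures.Count -gt 0) {
    $failures | ForEach-Object { Write-Error $_ }
    exit 1   # non-zero: do not report success, so the connection stays quarantined
}
exit 0       # all checks passed; the calling script may now notify the server
```

Because the check runs on the connecting machine, its result is self-reported; the restriction itself comes from the server keeping the connection in quarantine until success is reported.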


