RE: Remote Access to Server

Hi Ronnie,

Thanks for your reply.

There is a point I have forgotten to mention in my last reply. After we
grant the user allow permission to the share folder, we need to also grant
the user access deny permission to the other shares, otherwise the user
will be able to access all share resources in the domain.

If you have any question or concern, please feel free to let me know. I am
glad to be of assistance.

Have a nice day!

Steven Wang (MSFT)
Microsoft CSS Online Newsgroup Support


--------------------
>Thread-Topic: Remote Access to Server
>From: =?Utf-8?B?Um9ubmll?= <Ronnie@xxxxxxxxxxxxxxxxxxxxxxxxx>
>Subject: RE: Remote Access to Server
>Date: Tue, 6 Sep 2005 17:17:49 -0700

>
>Hello Steven
>
>You have a correct understanding of the issue. I will give the VPN option
a
>try
>
>thanks
>
>"Steven Wang [MSFT]" wrote:
>
>> Hello Ronnie,
>>
>> Thank you for posting.
>>
>> From your post, my understanding of this issue is: You would like to
know
>> whether we can allow an external company to remote access to a share on
the
>> server. If this is not correct, please feel free to let me know.
>>
>> Based on my experience, we can create a VPN connection for this outside
>> company, create a new user or group and allow this user or group to
connect
>> to your local network through VPN, and then grant this user or group
access
>> permissions on the share. The following are the detailed steps:
>>
>> Step 1: Create a VPN connection
>> ------------------------------------------------
>> If you are using the SBS 2003 Server as the VPN server, please refer to
the
>> following steps to configure the server:
>> 1. Open Server Management, click on Internet and E-mail.
>> 2. Click on Configure Remote Access on the right pane, and enable VPN
>> remote access.
>>
>> Step 2: Create user or group
>> ------------------------------------------------
>> 1. Open Server Management, navigate to Advanced Management\Active
Directory
>> Users and Computers.
>> 2. Create a new user or security group (you may first create an OU, and
>> create user or group in this OU).
>> 3. Double click on the user or group you just created, click on Member
Of
>> tab.
>> 4. Click Add button, type Mobile Users, and then click OK.
>>
>> Step 3: Grant permissions to the user or group
>> -----------------------------------------------
>> 1. Open My Computer and explore to the share folder which the outside
>> company needs to access.
>> 2. Right click on the share folder, and then click Sharing and Security.
>> 3. Click Permissions button, remove Everyone user account.
>> 4. Click Add to add the user or group you just created and grant it
proper
>> access permissions.
>>
>> Then the outside company can access the share folder by connecting VPN
>> connection using the user account. If the VPN connection is created via
a
>> hardware router or firewall, it will be unnecessary to add user or group
to
>> the Mobile Users group.
>>
>> Hope the above information helps. If anything is unclear or you have
any
>> concerns, please feel free to let me know. I am glad to be of
assistance.
>>
>> Thanks for your time and I look forward to hearing from you soon.
>>
>> Have a nice day!
>>
>> Steven Wang (MSFT)
>> Microsoft CSS Online Newsgroup Support
>>
>> Get Secure! - www.microsoft.com/security
>> =====================================================
>> This newsgroup only focuses on SBS technical issues. If you have issues
>> regarding other Microsoft products, you'd better post in the
corresponding
>> newsgroups so that they can be resolved in an efficient and timely
manner.
>> You can locate the newsgroup here:
>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>
>> When opening a new thread via the web interface, we recommend you check
the
>> "Notify me of replies" box to receive e-mail notifications when there
are
>> any updates in your thread. When responding to posts via your
newsreader,
>> please "Reply to Group" so that others may learn and benefit from your
>> issue.
>>
>> Microsoft engineers can only focus on one issue per thread. Although we
>> provide other information for your reference, we recommend you post
>> different incidents in different threads to keep the thread clean. In
doing
>> so, it will ensure your issues are resolved in a timely manner.
>>
>> For urgent issues, you may want to contact Microsoft CSS directly.
Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> Any input or comments in this thread are highly appreciated.
>> =====================================================
>> This posting is provided "AS IS" with no warranties, and confers no
rights.
>>
>> --------------------
>> >Thread-Topic: Remote Access to Server
>> >thread-index: AcWyWMDRlW6fXuIQQOymNxHj3a4LYQ==
>> >X-WBNR-Posting-Host: 62.255.32.11
>> >From: =?Utf-8?B?Um9ubmll?= <Ronnie@xxxxxxxxxxxxxxxxxxxxxxxxx>
>> >Subject: Remote Access to Server
>> >Date: Mon, 5 Sep 2005 13:31:11 -0700
>> >Lines: 6
>> >Message-ID: <25C0335D-4E60-4FC1-9A28-18944834F8E5@xxxxxxxxxxxxx>
>> >MIME-Version: 1.0
>> >Content-Type: text/plain;
>> > charset="Utf-8"
>> >Content-Transfer-Encoding: 7bit
>> >X-Newsreader: Microsoft CDO for Windows 2000
>> >Content-Class: urn:content-classes:message
>> >Importance: normal
>> >Priority: normal
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>> >Newsgroups: microsoft.public.windows.server.sbs
>> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:150929
>> >X-Tomcat-NG: microsoft.public.windows.server.sbs
>> >
>> >I recently had a program installed on my server, by an outside company.
I
>> >need to give this company remote access to a share on the server, and
>> nothing
>> >else. I have tried a few groups such as domain powers user, but this
does
>> >not allow access to the server. Is there a way I can give this company
>> >access to just this share, and no programs, shares, printers, documents
>> etc
>> >on the server?
>> >
>>
>>
>

.