Re: Requiring specific computer to log on
- From: "kj" <kj@xxxxxxxxxxx>
- Date: Sat, 19 Nov 2005 15:26:38 -0700
I'd use some caution with that approach. While it seems like it should do as
you asked, other factors may outweigh the solution. It becomes access by
"what you have" not "what you know". Preferably you'd like it to be both.
Consider that if you set all your remote machines to use a single account,
then "accountability" becomes cloudy. If you set up a dedicated account for
each VPN computer you have increased your "surface area".
The right way to do this is with machine certificates, but it too is a lot
of work for one "offender" in an SBS environment.
I think you'll probably get co-operation after the offender is confronted.
--
/kj
"Alex H" <aph@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:Owhr9SV7FHA.3976@xxxxxxxxxxxxxxxxxxxxxxx
> This is where my ignorance shows itself, but I didn't know that was
> possible?
>
> Alex
>
> "MDBJ" <me@xxxxxx> wrote in message
> news:exE71rT7FHA.2152@xxxxxxxxxxxxxxxxxxxxxxx
>>a new "policy", company wide.. requiring complex passwords,
>> entered by IT department, and stored on the machines.
>>
>> then no one but IT would have the ability to add a machine to the vpn
>>
>>
>>
>> "kj" <kj@xxxxxxxxxxx> wrote in message
>> news:Ox6ABvS7FHA.1020@xxxxxxxxxxxxxxxxxxxxxxx
>>> Sorry, I don't have a solution to "simply" block VPN access from a
>>> specific machine. Methods exist but the only ones I know of aren't
>>> simple.
>>>
>>> Monitoring through the RRAS VPN log files is simple though.
>>>
>>> Open Routing and Remote Access from the Admin tools. Select the Remote
>>> Access logging. Double click the logfile. On the logfile properties
>>> window, select the logfile tab, select IAS format and your preferences
>>> for logfile maintenance. On the "settings" tab, select all three check
>>> boxes.
>>>
>>> You'll find the resultant csv log files in
>>> %SYSTEMROOT%\system32\logfiles named INxxxxx.log, by default
>>> C:\windows\system32\logfiles.
>>>
>>> Confronted by 'evidence' that the tutor is violating policy and your
>>> ability to monitor compliance may be enough to have everyone play by the
>>> rules.
>>>
>>> --
>>> /kj
>>> "Alex H" <aph@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>> news:%23nJvlUS7FHA.1944@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Hi, we do have a company policy that stops any other computer than those
>>>> authorised by the company, and this particular user has been formally
>>>> re-advised of the position. However we are a small company (10
>>>> people) and this user is one of our tutors who works from his home, and
>>>> we don't really want to lose him.
>>>>
>>>> If I can simply block his own machine from logging on - that does
>>>> resolve the issue. However I do need also to cover the legal side and
>>>> need to be able to monitor his logging on.
>>>>
>>>> Exactly which log files should I be looking at, and do I need to open
>>>> them thru SBS2003, or are they simply text files that I can import
>>>> into Excel.
>>>>
>>>> Many thanks for your continued help on this matter.
>>>>
>>>> Alex
>>>>
>>>>
>>>>
>>>>
>>>> "Alex H" <somone@xxxxxxxxxxxxx> wrote in message
>>>> news:%23vTXDxF7FHA.3544@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>I assume that he has copied the settings from the company laptop to his
>>>>>personal machine and is logging on from that. He VPNs on, and uses his
>>>>>normal login name and password. Somehow I need to restrict his account
>>>>>to the official machine. It's never been a problem before.
>>>>>
>>>>> I can see the Mac address of his personal machine in the DHCP
>>>>> reservations.
>>>>> Is it possible to read the DHCP logs to see how many instances there
>>>>> have been - how do I open them?
>>>>>
>>>>> Thanks for help
>>>>>
>>>>> Alex
>>>>>
>>>>>
>>>>>
>>>>> "Lanwench [MVP - Exchange]"
>>>>> <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>>>>> message news:O97$peF7FHA.1276@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>
>>>>>>
>>>>>> In news:ulxLaCE7FHA.1032@xxxxxxxxxxxxxxxxxxxx,
>>>>>> Alex H <somone@xxxxxxxxxxxxx> typed:
>>>>>>> Hi, one of our remote users has two computers, the company laptop
>>>>>>> and his own personal desktop. It's a long story, but we believe that
>>>>>>> he is logging onto our SBS2003 using his own computer rather than
>>>>>>> the company one.
>>>>>>> Is there any way we can set the server so that he does have to
>>>>>>> use the company computer?
>>>>>>>
>>>>>>> thanks
>>>>>>>
>>>>>>> Alex
>>>>>>
>>>>>> How would he log onto the domain from a home computer unless it had
>>>>>> been set up/joined to the domain?
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
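For the RRAS logging described in the thread, this is an added example (not part of any poster's message) that reads IAS-format records and tallies session starts per user and calling station. It assumes the standard IAS layout of six header fields followed by attribute id,value pairs, and that accounting Start records carry Calling-Station-Id (attribute 31); the sample records, user names and addresses are constructed.

```python
import csv
import io
from collections import defaultdict

# RADIUS attribute IDs: 31 = Calling-Station-Id, 40 = Acct-Status-Type (1 = Start).
# 4136 is the IAS-specific Packet-Type (4 = Accounting-Request).
CALLING_STATION_ID, ACCT_STATUS_TYPE, PACKET_TYPE = "31", "40", "4136"
ACCOUNTING_REQUEST, ACCT_START = "4", "1"
HEADER = ("nas_ip", "user", "date", "time", "service", "computer")
# Constructed sample records (user names, addresses and server name are made up).
SAMPLE_LOG = "\n".join([
    "192.168.16.2,tutor,11/14/2005,19:02:11,RAS,SBS01,4136,1,31,203.0.113.25",
    "192.168.16.2,tutor,11/14/2005,19:02:12,RAS,SBS01,4136,4,40,1,31,203.0.113.25",
    "192.168.16.2,tutor,11/14/2005,21:40:03,RAS,SBS01,4136,4,40,2,31,203.0.113.25",
    "192.168.16.2,Tutor,11/16/2005,08:15:47,RAS,SBS01,4136,4,40,1,31,198.51.100.7",
    "192.168.16.2,alex,11/16/2005,09:01:30,RAS,SBS01,4136,4,40,1,31,192.0.2.44",
])


def parse_record(row):
    """Split one IAS-format row into (header dict, attribute dict), or None if too short."""
    if len(row) < len(HEADER):
        return None
    pairs = row[len(HEADER):]
    # Attributes follow the header as id,value pairs; a dangling id is dropped.
    return dict(zip(HEADER, row)), dict(zip(pairs[0::2], pairs[1::2]))


def session_starts(log_text):
    """Return {user: {calling_station: [timestamps]}} for accounting Start records."""
    seen = defaultdict(lambda: defaultdict(list))
    for row in csv.reader(io.StringIO(log_text)):
        if (parsed := parse_record(row)) is None:
            continue
        header, attrs = parsed
        if (attrs.get(PACKET_TYPE), attrs.get(ACCT_STATUS_TYPE)) != (ACCOUNTING_REQUEST, ACCT_START):
            continue
        station = attrs.get(CALLING_STATION_ID, "unknown")
        seen[header["user"].lower()][station].append(f"{header['date']} {header['time']}")
    return {user: dict(stations) for user, stations in seen.items()}


def users_with_multiple_stations(summary):
    """Users whose sessions started from more than one calling station."""
    return sorted(user for user, stations in summary.items() if len(stations) > 1)


if __name__ == "__main__":
    print(users_with_multiple_stations(session_starts(SAMPLE_LOG)))
```

To run it against a real log, pass the text of an INxxxxx.log file to `session_starts` in place of `SAMPLE_LOG`.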