Re: Requiring specific computer to log on
- From: "MDBJ" <me@xxxxxx>
- Date: Sat, 19 Nov 2005 17:13:49 -0500
sorry, I was suggesting a mostly social, not exactly technological solution.
get whomever is required to agree-presumably the person who wants the
'company machines only' policy enforced
announce a new policy, that requires all VPN passwords to be set by IT dept
(presumably you) for complexity & security,
this requires all machines authorized to be brought in, where you change the
server password
and then enter the password into the authorized machine, checking the
'remember password' box.
the password will be stored on the authorized machine, and prevent an
unauthorized machine from getting in.
"Alex H" <aph@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:Owhr9SV7FHA.3976@xxxxxxxxxxxxxxxxxxxxxxx
> This is where my ignorance shows itself, but I didn't knbow that was
> possible?
>
> Alex
>
> "MDBJ" <me@xxxxxx> wrote in message
> news:exE71rT7FHA.2152@xxxxxxxxxxxxxxxxxxxxxxx
>>a new "policy", company wide.. requiring complex passwords,
>> entered by IT department, and stored on the machines.
>>
>> then no one but IT would have the ability to add a machine to the vpn
>>
>>
>>
>> "kj" <kj@xxxxxxxxxxx> wrote in message
>> news:Ox6ABvS7FHA.1020@xxxxxxxxxxxxxxxxxxxxxxx
>>> Sorry, I don't have a solution to "simply" block VPN access from a
>>> specific machine. Methods exist but the only ones I know of aren't
>>> simple.
>>>
>>> Monitoring through the RRAS VPN log files is simple though.
>>>
>>> Open Routing and Remote Access from the Admin tools. Select the Remote
>>> Access logging. Double click the logfile. On the logfile properties
>>> window, select the logfile tab, select IAS format and your preferences
>>> for logfile maintnenace. On the "settings" tab, select all three check
>>> boxes.
>>>
>>> You'll find the resultant csv log files in
>>> %SYSTEMROOT%\system32\logfiles named INxxxxx.log, by default
>>> C:\windows\system32\logfiles.
>>>
>>> Confronted by 'evidence' that the tutor is violating policy and your
>>> ability to monitor compliance may be enough to have everyone play by the
>>> rules.
>>>
>>> --
>>> /kj
>>> "Alex H" <aph@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>> news:%23nJvlUS7FHA.1944@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Hi we do have a company policy that stops any other computer than those
>>>> authorised bgy the company, and this particular user has been formally
>>>> re-advised of the position. However we are a small companhy ( 10
>>>> people) and this user is one of our tutors who works from his home, and
>>>> we dont really want to lose him.
>>>>
>>>> if I can simply block his own machine from logging on - that does
>>>> resolve the issue. However I do need also to cover the legal side and
>>>> need to be able to monitor his logging on.
>>>>
>>>> Exactly which log files should I be looking at,and do I need to open
>>>> them thru SBS2003, or are they simply text files that I can informt
>>>> into Excel.
>>>>
>>>> Many thanks for your continued help on this matter.
>>>>
>>>> Alex
>>>>
>>>>
>>>>
>>>>
>>>> "Alex H" <somone@xxxxxxxxxxxxx> wrote in message
>>>> news:%23vTXDxF7FHA.3544@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>I assume that he has copied the settings from the company laptop to his
>>>>>personal machine and is loggin on from that. He VPN'S on, and uses his
>>>>>normal login name and password. Somehow i need to restrick his account
>>>>>to the official machine. Its never been a problem before,
>>>>>
>>>>> I can see the Mac address of his personal machine in the DHCP
>>>>> reservations.
>>>>> Is it possible to read the DHCP logs to see how many instances there
>>>>> have been - how do I open them?
>>>>>
>>>>> Thanks for help
>>>>>
>>>>> Alex
>>>>>
>>>>>
>>>>>
>>>>> "Lanwench [MVP - Exchange]"
>>>>> <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>>>>> message news:O97$peF7FHA.1276@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>
>>>>>>
>>>>>> In news:ulxLaCE7FHA.1032@xxxxxxxxxxxxxxxxxxxx,
>>>>>> Alex H <somone@xxxxxxxxxxxxx> typed:
>>>>>>> Hi, one of our remote users has two computers, the company laptop
>>>>>>> and his own personal desktop. Its a long story, but we believe that
>>>>>>> he is logging onto our SBS2003 using his own computer rather than
>>>>>>> the
>>>>>>> company one.
>>>>>>> Is there any way we can set the the server so that he does have to
>>>>>>> use the company computer
>>>>>>>
>>>>>>> thanks
>>>>>>>
>>>>>>> Alex
>>>>>>
>>>>>> How would he log onto the domain from a home computer unless it had
>>>>>> been set up/joined to the domain?
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
.
- Follow-Ups:
- Re: Requiring specific computer to log on
- From: Alex H
- Re: Requiring specific computer to log on
- References:
- Requiring specific computer to log on
- From: Alex H
- Re: Requiring specific computer to log on
- From: Lanwench [MVP - Exchange]
- Re: Requiring specific computer to log on
- From: Alex H
- Re: Requiring specific computer to log on
- From: Alex H
- Re: Requiring specific computer to log on
- From: kj
- Re: Requiring specific computer to log on
- From: MDBJ
- Re: Requiring specific computer to log on
- From: Alex H
- Requiring specific computer to log on
- Prev by Date: Re: How to transfer SBS 2003 to new server?
- Next by Date: Re: Requiring specific computer to log on
- Previous by thread: Re: Requiring specific computer to log on
- Next by thread: Re: Requiring specific computer to log on
- Index(es):
Relevant Pages
|
Loading
