RE: Limit a VPN user to a specific area of the filestore
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Tue, 14 Feb 2006 07:41:10 GMT
Hi Kev,
Thank you for posting in SBS newsgroup.
To avoid the VPN users accessing to other shared folders, you can actually
to create a security group and then remove the group from NTFS Permissions
and deny the group's access in Share Permission to the folders which you do
not want to let them access.
If you have updated SBS to SBS SP1, you can use ABE to increase folder
level security. To get detailed information, please refer to the following
document:
Windows Server 2003 Access-based Enumeration
http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx
More information:
325361 How To Configure Security for Files and Folders on a Network in
Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;325361
Hope the information help and I look forward to your reply.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: Kev <kevNOSPAM@xxxxxxxxxxxxxxxxxxx>
| Subject: Limit a VPN user to a specific area of the filestore
| Date: Mon, 13 Feb 2006 11:56:54 +0000
| | Newsgroups: microsoft.public.windows.server.sbs
| |
| Hi,
|
| I am setting up VPN access to a trusted consultant.
|
| I have set up a share in the file store, below which are the folders I
| only want to allow access to. I have set up a security group added
| the user and only given share level permissions to this group.
|
| I have set up a logon script for the user, which maps a drive to the
| share.
|
| What I want to achieve is:
|
| 1. Only allow access to this one share and the folders beneath it
| 2. Ensure that using the net commands does not allow enumeration of
| any other share, and in any event the user is always denied a
| connection to any other share
|
| Will just making this user a member of the security group I created
| plus mobile users, and remoiving all other group memberships solve the
| problem?
|
| Thanks
|
.
- References:
- Prev by Date: using exchange on SBS 2003 with domain name HELP! im lost
- Next by Date: Re: Companyweb Error after restore..
- Previous by thread: Limit a VPN user to a specific area of the filestore
- Next by thread: Auto-started Service Not Running
- Index(es):
Relevant Pages
|
