Re: Restricting remote access

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance


"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uaBPcqvFHHA.1080@xxxxxxxxxxxxxxxxxxxxxxx
In news:uGV2mhvFHHA.3976@xxxxxxxxxxxxxxxxxxxx,
Zardoz1 <zardoz1@xxxxxxxxxxxxxxxxxxxxx> typed:

Thanks for your great ideas. (This is the second response - the other
disappeared into a bloghole on the other side of the universe)

Hmmm. A partition? Why not a folder/share for accounting, and use NTFS to
secure it? A disk partition doesn't reflect any sort of security barrier.

Understand, but this is more psychological - I always make important
partition Drive letters the same as mapped drive letters - avoids confusion.

When I'm setting up a server, I don't use the Domain Users or
Authenticated Users groups to assign permissions - I create a security
group called something logical (Companyname Users) and use that. I also
use other groups (Accounting, Management, whatever) to grant permissions
to their relevant shares. I also make all my own/custom shares hidden from
browsing by using SHARENAME$ .

Excellent idea, will implement.


In this situation, if you have a user who needs access only to Accounting,
you just put her in the Accounting group - and not the Companyname Users
group. It doesn't matter whether she's using VPN or logging in directly at
a workstation, or logging in remotely via RD to a workstation. All she
will get access to is the Accounting share, no matter where she is.

Agree ordinarily, but she is a contractor not an employee, she doesn't have
a workstation on the local lan. Hence the VPN. She will use her own
workstation and accounting software, accessing the accounting data files
remotely. Should the untoward happen, we will have multiple backups as
recent as the previous day.

I'd also suggest using RD (via the RWW page) rather than having her access
the files directly over the VPN connection....it's a lot more efficient,
isn't likely to corrupt any data if the connection has a hiccup. If the
files are a) largeish and b) critical to the business, everyone will be a
lot happier this way.
As above, I do agree - but in the absence any alternative - VPN seem the be
the only way. Is there a server side script that can run when this user logs
in and map a network drive?


.

Relevant Pages

  • Re: Restricting remote access
    ... Accounting, you just put her in the Accounting group - and not the ... It doesn't matter whether she's using VPN ... RD to a workstation. ... Across a VPN connection? ...
    (microsoft.public.windows.server.sbs)
  • Re: locking down Terminal Server in SBS2003 environment (regular users)...not a duplicate question
    ... Firewall-to-Firewall VPN between Richmond and each location. ... The users in the remote offices have a hard time connecting to documents ... they are connected to the terminal server (which is sitting right next to ... the Accounting Software is indeed installed on the SBS2003 ...
    (microsoft.public.windows.server.sbs)
  • File permissions
    ... the workstation? ... The same account on an NT4 ... The short term solution was to make them all power users. ... >I have a large directory of files used for Accounting ...
    (microsoft.public.win2000.security)
  • RE: Slow printing after adding new user to workstations
    ... I understand that some users printing very ... I think this is mostly your accounting ... Please do clean boot on the problematic workstation to see if it help. ... click to check the "Hide All Microsoft Services" ...
    (microsoft.public.windows.server.sbs)
  • Re: PIX 501 accounting on remote dial-in ipsec
    ... session duration. ... In another case I use VPN 3000 concentrator and when user ... I'm expecting same from PIX accounting but Radius server ... What is a "remote dial-in ipsec user"? ...
    (comp.dcom.sys.cisco)