Re: Restricting remote access
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 3 Dec 2006 18:59:49 -0500
In news:ui3WmRwFHHA.3468@xxxxxxxxxxxxxxxxxxxx,
Zardoz1 <zardoz1@xxxxxxxxxxxxxxxxxxxxx> typed:
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:uaBPcqvFHHA.1080@xxxxxxxxxxxxxxxxxxxxxxx
In news:uGV2mhvFHHA.3976@xxxxxxxxxxxxxxxxxxxx,
Zardoz1 <zardoz1@xxxxxxxxxxxxxxxxxxxxx> typed:
Thanks for your great ideas. (This is the second response - the other
disappeared into a bloghole on the other side of the universe)
Heh - I have that problem sometimes too.
Hmmm. A partition? Why not a folder/share for accounting, and use
NTFS to secure it? A disk partition doesn't reflect any sort of
security barrier.
Understand, but this is more psychological - I always make important
partition Drive letters the same as mapped drive letters - avoids
confusion.
For whom? The users will never see that. I put all my users' data (including
clientapps & shared folders) in e:\data. C is for the OS/installed apps
only, D is for Exchange data & SQL/MSDN.
When I'm setting up a server, I don't use the Domain Users or
Authenticated Users groups to assign permissions - I create a
security group called something logical (Companyname Users) and use
that. I also use other groups (Accounting, Management, whatever) to
grant permissions to their relevant shares. I also make all my
own/custom shares hidden from browsing by using SHARENAME$ .
Excellent idea, will implement.
It's definitely helpful.
In this situation, if you have a user who needs access only to
Accounting, you just put her in the Accounting group - and not the
Companyname Users group. It doesn't matter whether she's using VPN
or logging in directly at a workstation, or logging in remotely via
RD to a workstation. All she will get access to is the Accounting
share, no matter where she is.
Agree ordinarily, but she is a contractor not an employee, she
doesn't have a workstation on the local lan. Hence the VPN. She will
use her own workstation and accounting software, accessing the
accounting data files remotely. Should the untoward happen, we will
have multiple backups as recent as the previous day.
I sure wouldn't want to do it this way, and I support several offices with
the same requirement (outside help/contract worker). I'd buy a cheapo WinXP
Pro box and have her use that. Particularly as losing a day's worth of
accounting / bookkeeping work would really suck. Also, I don't think you
will get good performance over the VPN connection if she's opening the
bookkeeping files that way - even if it's a stable connection.
I'd also suggest using RD (via the RWW page) rather than having herAs above, I do agree - but in the absence any alternative - VPN seem
access the files directly over the VPN connection....it's a lot more
efficient, isn't likely to corrupt any data if the connection has a
hiccup. If the files are a) largeish and b) critical to the
business, everyone will be a lot happier this way.
the be the only way. Is there a server side script that can run when
this user logs in and map a network drive?
Across a VPN connection? Not that I know of. You could simply give her a
batch file to run once she connects to the VPN.
.
- References:
- Restricting remote access
- From: Zardoz1
- Re: Restricting remote access
- From: Lanwench [MVP - Exchange]
- Re: Restricting remote access
- From: Zardoz1
- Restricting remote access
- Prev by Date: Re: winxp clients can no longer see email on sbs2003 exchange server
- Next by Date: Re: WSS - Modify
- Previous by thread: Re: Restricting remote access
- Next by thread: Re: Restricting remote access
- Index(es):
Relevant Pages
|
