VPN Security, locking out non domain members

From: dcasteel@xxxxxxxxx
Date: 15 Jul 2006 05:04:17 -0700

I am sure there is a way to do this, but I have limited resources (the
most valuable being time).I need to lock out or block non ms domain
members from my network. This would be from people bringing in their
home laptops and plugging in and from people connecting to my corporate
network via VPN.
I do not want a solution to check thier home computer to make sure it
is up to par. The non domain members must be blocked (corporate
policy).

Current logical configuration:

Home user>cisco vpn concentrator>simple IP address pool
provided>authenticated against win2k radius>

Let me know if you need any further info from me to help with my issue.

Thanks in advance!

.

Prev by Date: still having problems after implementing the revised MS06-015
Next by Date: Re: Short List of Security Questions
Previous by thread: still having problems after implementing the revised MS06-015
Next by thread: Printers uninstalling with July patch?
Index(es):
- Date
- Thread

Relevant Pages

Remote users - domain password change
... All computers are domain members. ... They dial up or use VPN. ... prevent them from problems with cached password and then a different password ... originally set up on the network and is a domain member. ...
(microsoft.public.windowsxp.security_admin)
Re: IP of machine locking account?
... lock the whole network behind a firewall and provide vpn ... Server 2003 using a bad password and causing the account to lock and the ... which is not on our network. ...
(microsoft.public.windows.server.security)
Re: VPN Security, locking out non domain members
... You can issue computer certificates to your clients, ... members from my network. ... The non domain members must be blocked (corporate ... Home user>cisco vpn concentrator>simple IP address pool ...
(microsoft.public.security)
Locking down folders with Group Policy
... I'm trying to find the best way to lock down a user (who ... will be using VPN to access the network) to a single ... one folder, and one folder only. ...
(microsoft.public.win2000.group_policy)
Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
... This set of steps is redundant in many places, and it's also enormously expensive, since you're using no less than three different expensive bits of networking hardware (AP, PIX, VPN Concentrator), in addition to a bunch of x86 server hardware, windows server licenses, and at least one ISA license. ... Your computers necessarily don't have full access to your network infrastructure when they aren't logged on, so GPOs, software updates, etc can't be applied at the times you want them to be applied. ... Turning on, enabling, and implementing every possible security setting and device you think of is not defence in depth, and will probably only have two effects - your users won't use your wireless network, and you'll burn so much cash you won't have any left to spend on *useful* security measures. ...
(Full-Disclosure)