RE: Dialup Special Group

From: Jack Wang (jackwa@online.microsoft.com)
Date: 11/25/02

• Next message: Gary Smith: "Re: Q329414 MDAC security hotfix - installing wrong version MSADC files..."
• Previous message: Greg Askew: "Re: Q329414 MDAC security hotfix - installing wrong version MSADC files..."
• In reply to: Greg: "Dialup Special Group"
• Next in thread: Greg: "RE: Dialup Special Group"
• Reply: Greg: "RE: Dialup Special Group"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: jackwa@online.microsoft.com (Jack Wang)
Date: Mon, 25 Nov 2002 03:53:56 GMT

Hi Greg,

After the user joins in the domain remotely, the permissions of the user will be the same
as the local user account unless you use another user account to logon remotely. I
understand that you can add the user in two groups such as dialup and LAN. However,
the user will be a member of the two groups no matter of logging on locally or remotely.
So, if the LAN group has the permission to access the folder, the user will access the
folder locally and remotely. If you deny the dialup group to access the folder, the user
will not access the folder even he logs on locally.

Could you let me know the goal that you would like to archive? Why do you need to
deny the access permission of the folder when the user logon remotely.

Sincerely,
Jack Wang
Microsoft Online Support Professional

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Content-Class: urn:content-classes:message
| From: "Greg" <123@123.com>
| Sender: "Greg" <123@123.com>
| Subject: Dialup Special Group
| Date: Fri, 22 Nov 2002 13:31:53 -0800
| Lines: 30
| Message-ID: <1172001c2926e$9392bb40$8af82ecf@TK2MSFTNGXA03>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcKSbpOSUwDz48EWRiGX8m61l3Km1Q==
| Newsgroups: microsoft.public.win2000.security
| Path: cpmsftngxa06
| Xref: cpmsftngxa06 microsoft.public.win2000.security:43425
| NNTP-Posting-Host: TK2MSFTNGXA03 10.40.1.48
| X-Tomcat-NG: microsoft.public.win2000.security
|
| I would like to deny VPN (and/or Dialin) users access to
| a "Folder" when they are entering the Network remotely.
| However, when the same user is in the network on the LAN
| they can gain access. To do this I was thinking about
| adding the DIALUP special security group to the folder and
| DENY access and giving Domain Users RW access.
|
| Isn't the DIALUP security group a group that
| controls membership based on what you are doing on the
| network? As in, when you dial up (or go through R&R Remote
| Access) then you automatically become a member of this
| group. Just like Authenticated User and Creator Owner.
| Here is what I found on ms support as an explanation of
| this group.
|
| SID: S-1-5-1
| Name: Dialup
| Description: A group that includes all users who have
| logged on through a dial-up connection. Membership is
| controlled by the operating system.
|
| So in theory a VPN user becomes a member of the DIALUP
| group, therefore can be denied access when the group is
| added to the permissions of the folder.
|
| I can't seem to get this to work. Any ideas? Or does
| anyone know of an alternative method to accomplish this?
|
| Thanks,
| Greg
|

---

• Next message: Gary Smith: "Re: Q329414 MDAC security hotfix - installing wrong version MSADC files..."
• Previous message: Greg Askew: "Re: Q329414 MDAC security hotfix - installing wrong version MSADC files..."
• In reply to: Greg: "Dialup Special Group"
• Next in thread: Greg: "RE: Dialup Special Group"
• Reply: Greg: "RE: Dialup Special Group"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Problem with Server Performance Advisor and multiple servers ... The problem lies around the permissions granted to the ... server copies its data to the shared Transfer folder. ... created, the owner is the remote computer, which is fine, but it's only ... (microsoft.public.windows.server.general) Re: Office 2007 .tmp files cause access denied error when saving f ... The specified permissions are included in ... Copy remotely stored files onto your computer, and update the remote file when saving" ... You could also use a script or macro to make a copy of the work folder or to do duplicate saves to two locations. ... process due to the .tmp files being created when the file is opened from the ... (microsoft.public.office.misc) RE: Dialup Special Group ... Then what is the purpose of the Dialup group??? ... >| and Remote acess you become a member of the DIALUP ... >| folder, we'll call it "secure", that cannot be accessed ... (microsoft.public.win2000.security) RE: Dialup Special Group ... Your understanding on the DIALUP group is correct. ... |>| and Remote acess you become a member of the DIALUP ... Certain users access this folder when in ... (microsoft.public.win2000.security) Re: configuring folder as Share Located On Another Computer permissi ... Located On Another Computer' home directory permissions? ... folder from the remote machine's local IIS localhost site, ... machine's IIS Anonymouse User account? ... (microsoft.public.inetserver.iis.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.win2000.security  > 2002-11