Re: Windows2003\LimitingUserAccess\TS
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/07/05
- Next message: Steven L Umbach: "Re: Local admin group?"
- Previous message: Jeff Cochran: "Re: Searching Windows 2003 DC's eventlog for wrong passwords and account lockouts"
- In reply to: rj: "Re: Windows2003\LimitingUserAccess\TS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 6 Jan 2005 18:32:48 -0600
Sure. That is what VPN's are for to securely make a connection across the
internet via an encrypted virtual tunnel. Of course you need a VPN client on
the client and a VPN server or ipsec endpoint device at the other. Any
recent Windows operating system can also work as a VPN server for one
inbound connection and of course Windows Server can accommodate multiple VPN
connections. For a server you use the Remote Access Management Console to
configure your VPN server. You probably would be best off using pptp which
can be very secure as long as mschapv2 authentication is used [Windows
2000/XP client] and a strong password is used for access. The link below can
get you started. --- Steve
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_vpn_ov02.asp
http://tinyurl.com/4p63b -- same link as above,shorter.
"rj" <rj@att.com> wrote in message
news:%23nyrYP$8EHA.2804@TK2MSFTNGP15.phx.gbl...
> Steve:
>
> Can I use vpn, with the user accessing the server through an internet
> connection?
>
> Thanks
>
> Steven L Umbach wrote:
>> You might look into another way for the user to access the server such as
>> a mapped drive either on the lan or over a VPN connection. Otherwise you
>> will have to use ntfs permissions and Group Policy to restrict the user.
>> Group Policy can be configured locally via gpedit.msc or better yet at
>> the domain or OU level for domain computers. The problem with local Group
>> Policy is that by default it applies to ALL users that logon to the
>> computer, though there are a couple hacks to work around that. For Group
>> Policy in particular look at settings for restrictions under user
>> configuration/administrative templates - various categories. For ntfs
>> permissions add the user to a group with deny permissions or add the user
>> to deny permissions for folders/drives you do not want him to access OR
>> remove everyone/users from ntfs permissions [leave
>> administrators/system], assuming no other regular users need access, for
>> drives and folders you do not want him to access starting at the parent
>> folder where you want to restrict access. You would then want to check
>> all folders under the parent folder to see if any have explicit [non
>> inherited] permissions that need to be modified. Do NOT assign deny
>> permissions to users however as admins are in the users group. ---
>> Steve
>>
>>
>>
>> "Jeff" <jbarr62307@worldnet.att.net> wrote in message
>> news:OwZkBP48EHA.1300@TK2MSFTNGP14.phx.gbl...
>>
>>>I am allowing a user onto my Windows 2003 server, using Terminal
>>>Services. All I want the user to be able to do is get to his directory on
>>>the F drive and be able to add\remove subfolders and files. I assigned
>>>him to the folder and assigned him as a remote operator, but he has
>>>access to control panel and all the drives and folders. How do I
>>>accomplish this?
>>>
>>>TIA
>>>
>>
>>
>>
>
- Next message: Steven L Umbach: "Re: Local admin group?"
- Previous message: Jeff Cochran: "Re: Searching Windows 2003 DC's eventlog for wrong passwords and account lockouts"
- In reply to: rj: "Re: Windows2003\LimitingUserAccess\TS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
