Re: Granting access based on user location

From: vidro (vidro_at_discussions.microsoft.com)
Date: 08/18/05


Date: Thu, 18 Aug 2005 10:05:04 -0700

Capture MAC for authentication?
But how to authenticate it and against what?

"Roger Abell" wrote:

> Well, the web access part is likely simple if you have a web
> dev in house, as the client properties of the browsing client
> will give you pretty much all you would need to tell if they
> are on local network, vpn'd in, or using the public interface
> on internet, and the server-side could then tune what is given
> in the browser rendering as appropriate.
> For the other access it sounded as if you need to distinguish
> between only locally attached or vpn'd in. If you could isolate
> the shares on to different servers and then for example use
> IPsec on the server with the sensitive shares that should not
> be available when vpn'd in so that server will not speak with
> the IPs your vpn gives out . . .
> There are likely other, and possibly more simple ways, but
> given your sketch of requirements these are what first came
> to mind. The alternatives will also vary based on info you
> did not provide, such as what vpn solution is in use, do you
> use IAS for auth, etc..
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "vidro" <vidro@discussions.microsoft.com> wrote in message
> news:993D5714-187C-4200-B683-B203121241E8@microsoft.com...
> > I need to set security based on location and machine.
> > Scenario:
> >
> > A user has an account on the Corporate network and his laptop has an account
> > on Corporate network.
> > While on the local area network, this user can access Information from
> > folder A,B,C on a server
> > When the user goes mobile with his laptop the user needs to be constrained
> > to only seeing info from folder A and B
> > If the same user goes to a computer that is not a part of the Corporate
> > network he needs to be constrained to only folder A.
> >
> > The user, when not on the local network, will be using the Internet to
> > attach to the Corporate network.
> > There are 2 methods to attach to information via the internet; either thru
> > VPN or a WEB server.
> > If the user is using his laptop it will most likely be VPN,
> > If he is on a different p.c. he will need to go to the Corporate WEB site.
> >
> > At the same time I do not want to give users the ability to access information
> > from a non-company p.c. through a VPN connection.
> >
> > Any help in implementing such a security scheme would be greatly appreciated.
> >
>
>
>
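
The server-side location check suggested in the quoted reply for the web path, as an added example that is not part of the thread: the web application classifies the browsing client's source address as local, VPN or public and returns the folder set from the original question. The address ranges, the reverse-proxy address and all function names are assumptions made for illustration; source address indicates where a client connects from, not whether the machine is company-owned.

```python
import ipaddress

# Constructed address plan (assumptions, not from the thread).
LAN_NETS = [ipaddress.ip_network("10.0.0.0/8")]
VPN_POOL = [ipaddress.ip_network("10.99.0.0/24")]       # addresses the VPN hands out
TRUSTED_PROXIES = [ipaddress.ip_network("10.10.5.10/32")]

# Folder sets per location, as laid out in the original question.
FOLDERS = {"lan": {"A", "B", "C"}, "vpn": {"A", "B"}, "internet": {"A"}}


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def client_address(peer_ip, forwarded_for=None):
    """Return the address to classify, or None if it cannot be parsed.

    X-Forwarded-For is client-controlled, so it is honoured only when the
    TCP peer is one of our own reverse proxies; the right-most entry is the
    one that proxy appended.
    """
    try:
        peer = ipaddress.ip_address(peer_ip)
        if forwarded_for and _in_any(peer, TRUSTED_PROXIES):
            return ipaddress.ip_address(forwarded_for.split(",")[-1].strip())
        return peer
    except ValueError:
        return None


def zone(peer_ip, forwarded_for=None):
    addr = client_address(peer_ip, forwarded_for)
    if addr is None:
        return "internet"           # fail closed to the least-privileged zone
    if _in_any(addr, VPN_POOL):     # VPN pool sits inside LAN space: test it first
        return "vpn"
    if _in_any(addr, LAN_NETS):
        return "lan"
    return "internet"


def allowed_folders(peer_ip, forwarded_for=None):
    """Folders the web front end may render for this request."""
    return FOLDERS[zone(peer_ip, forwarded_for)]
```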


