Hello,

we have a RRAS windows 2000 VPN setup. The box is located
in a DMZ. We also run native AD. As part of our security
policy, we would like to prevent all non domain
users/machines from using VPN. There are a number of
technology users who work from home, from machines that we
have no control over. Hence we want to make sure that all
VPN users are domain users, using company issued machines.

ANy ideas how we can do this?

Simon

Is the RRAS server a standalone or an AD member?

If the RRAS server is in AD, the clients will be authenticating to AD.
So you can set your remote access policy to require membership of an AD
group.

If it is a standalone, the remote clients will be authenticating to the
machine's local SAM database, which doesn't know about AD.

"Simon CHurch" <(E-Mail Removed)> wrote in message
news:0b5d01c39973$465a2ef0$(E-Mail Removed)...
> Hello,
>
> we have a RRAS windows 2000 VPN setup. The box is located
> in a DMZ. We also run native AD. As part of our security
> policy, we would like to prevent all non domain
> users/machines from using VPN. There are a number of
> technology users who work from home, from machines that we
> have no control over. Hence we want to make sure that all
> VPN users are domain users, using company issued machines.
>
> ANy ideas how we can do this?
>
> Simon