Restrict access to servers

[YMan]

Hi,

I have a question about restricting access to servers on LAN.

I am following MS KB Q323381 to set up a VPN server for remote access. My
boss wants to give access to the designated group of remote users to access
a certain shared folder in our file server. However, how can I use Active
Directory to control / restrict access to this shared folder? Is it as
simple as opening a shared folder for AD users by specifying the users in
the properties of the folder?

Another question is that following the way to set up a VPN server, will it
be safe enough to allow remote access this way? Any possible setting can be
done to control who has access?

Thanks

 

[Guest]

I'll take a look at that article.

In terms of setting of file permissions you should place the users in a
global group and then give that group access to the folder. Right click on
the folder go to the security tab on the folder (NTFS permissions). You can
also set share permissions but the NTFS permissions will suffice. You will
also see references about putting that global group into a domain local and
giving permission to the domain local group. You can do that but it is not
absolutely necessary in a single domain environment.

Thanks
Mike Kline

 

[YMan]

Thanks Mike.

Currently I am still struggling with the VPN server. The server box has 2
NICs and each of it has configured a static IP address with respect to the
network they are connecting to (one for LAN, one for internet). However the
LAN can see this server but not outside from the internet. I can ping other
servers' Real IP addresses but not this one.

Just downloaded a couple of the white papers to see if I am missing
something. For your reference these documents are :

- Connecting Your Network to the Internet with Windows Server 2003
- Connecting Remote Users to Your Network with Windows Server 2003

Rdgs,
YMan

 

[YMan]

I have managed to get the VPN server up and able to login to the VPN server
using a Windows 2000 Professional client computer (with the username as
<domain>\<username>). However I cannot connect to the network share via the
VPN connection. To access the network share I have to use the internal IP
address in the UNC path instead of the computer name. The mapping will stay
if it is created to reconnect at next logon.

A minor problem is that when the client computer starts up next time, the
path to the network share will try to reconnect. Since the VPN connection is
not yet established the user will have to manually cancel the connection
attempt. This creates a bit of an irritation to the user.

Is there anyway to allow for network share mapping to run automatically when
the user logs on via VPN connection via VPN server? I have tried to put that
into the logon script but it does not work.

Thanks