Restricting Authentication

Guest

We have an Internet-based user attempting to log on to our domain using
account names which they may have obtained from a former employee. Is there
a way to restrict logon in a mixed 2000/2003 domain by allowing logons only
from machines that are members of the domain - or within a certain subnet?
Any ideas or suggestions are appreciated.
 
Steven L Umbach

If the user is using a static IP address then block it at your firewall, and
your firewall should be able to give you that information by correlating
failed logon attempts to the firewall logs by time [make sure they are in
sync]. How is this happening - via VPN or RDP? Since he can attempt to
log on, I assume you have the need to allow your users to access and
authenticate to your network from the Internet? One solution may be to use
L2TP-only VPN for access, though that will require that users' computers have
certificates to authenticate to the VPN server. --- Steve
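
The time correlation described in the reply above, as an added example that is not part of the original post: it matches failed-logon timestamps against firewall connection records within a small tolerance and ranks the candidate source addresses. The two log formats, the sample rows and the 5-second window are constructed assumptions; real exports need their own parsing.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data (not from the thread): failed-logon times exported
# from the security log, and inbound connections recorded by the firewall.
FAILED_LOGONS = """\
2005-03-01 02:14:07,jsmith
2005-03-01 02:14:31,jsmith
2005-03-01 02:15:02,mbrown
2005-03-01 09:30:45,alee
"""
FIREWALL_LOG = """\
2005-03-01 02:14:05,203.0.113.50,3389
2005-03-01 02:14:29,203.0.113.50,3389
2005-03-01 02:15:00,203.0.113.50,3389
2005-03-01 02:15:01,198.51.100.7,3389
2005-03-01 09:30:44,192.0.2.10,3389
2005-03-01 14:00:00,198.51.100.7,3389
"""
FMT = "%Y-%m-%d %H:%M:%S"

def parse(text):
    """Split 'timestamp,field,...' lines into (datetime, [fields]) tuples."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            ts, *rest = line.strip().split(",")
            rows.append((datetime.strptime(ts, FMT), rest))
    return rows

def correlate(logons, connections, window_s=5):
    """For each failed logon, list source IPs seen at the firewall within
    window_s seconds of it (tolerance for residual clock drift)."""
    window = timedelta(seconds=window_s)
    matches = []
    for when, (account,) in logons:
        ips = {f[0] for ts, f in connections if abs(when - ts) <= window}
        matches.append((when, account, sorted(ips)))
    return matches

def rank_sources(matches):
    """Count how many failed logons each source IP is a candidate for."""
    return Counter(ip for _, _, ips in matches for ip in ips).most_common()

if __name__ == "__main__":
    results = correlate(parse(FAILED_LOGONS), parse(FIREWALL_LOG))
    for when, account, ips in results:
        print(when, account, ips or "no matching connection")
    print(rank_sources(results))
```

An address that is a candidate for failures against several different accounts stands out from one that coincides with a single user's mistyped password.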
 
Roger Abell [MVP]

Although putting it into play should not be a knee-jerk reaction,
since you mentioned letting only login from machines that are
members of a domain, you could consider using IPsec for
domain isolation.
http://microsoft.com/ipsec
 
