VPN users have full access

  • Thread starter David Armstrong
  • Start date
D

David Armstrong

I have some users on our very small network (Win 2000
Server with IAS for the gateway, and Win 2003 server
behind for all other services) who only access our
network by VPN.
The users have dial-in access enabled in AD (although
they will actually connect over the internet) and they
are not even members of the domain users group - just a
new group that only has rights to one share.
However connecting to the VPN as these users gives me
full access to all directories and files on the network
even if I explicitly deny access. Help! Any ideas
appreciated!
 
O

Ozone

When the user logs in, use a prog that will show the group membership for
that login. Some use the SID and others use login name... You may see that
they are part of a dial-in group or a default group that is giving them more
access rights. Also, use an ACL dump prog to check the ACL's on the
directories and files in question to see who actually has access to them...

HTH
Ozone
 
S

Steven Umbach

Maybe they are not authenticating as you think. When they are connected to the
share that they should not have access, look in Computer Management/shared
folders/sessions to see how they are connected. Keep in mind that you can use
Remote Access Policies in ras to create input/output filters to restrict access
to lan computers based on IP address. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

VPN users have unrestricted access 3
VPN - Restrict Users Access ?? 8
securing mobile users at hotspots 6
Prevent non-VPN connected Internet access for external users? 7
Bypass Domain GPO when not connected to network? 3
Control RAS/VPN with AD computer accounts 3
VPN access question 3
Internet browsing after connecting to VPN 3

Top