February 2nd 10, 04:42 AM posted to microsoft.public.windowsxp.security_admin,microsoft.public.security
Sam Mok
How to block file copy function transfer through the VPN.

Hi VanguardLH,

My company just doesn't want the remote users to copy any files to their
notebook or home PC from our server. But we can let them log in to our
terminal server for job needs (such as checking our MRP system information,
checking the company's inside mailbox, etc.).
How can we do this? Thanks so much.

Sam Mok


"VanguardLH" wrote in message:
Sam Mok wrote:

Hi Sir/Miss,

I have just built up a VPN for my company with a Windows 2003 server.
But my company wants the users who connect to our VPN to use only the
remote desktop function.
We don't want the users to use our file server's resources.
I tried to block this with the IP Filter function from the "Routing and Remote
Access" policies.
But after many tries, I also failed to do it.

Can anybody help? Thanks so much.

Sam Mok


Why do you permit outsiders entry into your network as though they were
located at work? Even if coming through a VPN, the outside hosts should be
placed in a less-privileged zone. That zone dictates to which servers those
hosts may connect, like to the Exchange server, the company "news" server
(or where any company-wide info is retained), and perhaps to some other
common company servers. The file servers of which you speak could not be
reached from that outer zone. Users that needed to access servers outside
that zone's list would have to get permission and then be allowed to connect
to those inner-zone hosts.

I have done domain administration but I have used VPN coming into my company
which puts me in a security zone with fewer permissions than my workstation
at my work desk. I can get at Exchange and other common web servers while
in that throttled zone, and to get to other hosts meant I had to get
permission and get on some list of servers to add my host as having
permission to connect to them. This is a security issue but I suspect you
need to speak with a domain admin rather than a security expert regarding
how to set up the security zone for those VPN connections coming from the
outside.

