A VPN effectively makes the remote user part of your internal network. They
then have whatever rights they would have if logged-on to a computer in the
office itself.

You can, as mentioned, use firewall rules to restrict the ports available to
VPN users.

Although, since you don't actually want remote users to be part of your LAN,
VPN may not be the best solution for you. What you probably need here is
secure tunneling of a single port or range of ports for terminal services,
which could be achieved with utilities such as SSH or Zebedee. There are GPL
and commercial releases of SSH, and Zebedee is a similar and completely free
client/server tunneling implementation.

"Leythos" wrote:

In article ,
says...

Hi Sir/Miss,

I had just build up a VPN for my company with a windows 2003 server.
But my company only want the users who can connect to our VPN for just
remote desktop function.
We don't want the users to use our file server's resources.
I had tried to block by IP Filter function from the "Routing and remote
access" policies.
But after many tires, I also failed to do it.

Anybody can in help? Thanks so much.

Sam Mok

Why not setup the VPN on the Firewall that your company should have
purchased, then you can limit the VPN sessions to specific IP ranges
inside the LAN as well as just RDP TCP 3389.

If your company doesn't have a Firewall that acts as a VPN server then
you should really consider getting a real firewall.


--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(remove 999 for proper email address)
.