If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
How to block file copy function transfer through the VPN.
Hi Sir/Miss,
I had just build up a VPN for my company with a windows 2003 server. But my company only want the users who can connect to our VPN for just remote desktop function. We don't want the users to use our file server's resources. I had tried to block by IP Filter function from the "Routing and remote access" policies. But after many tires, I also failed to do it. Anybody can in help? Thanks so much. Sam Mok |
Ads |
#2
|
|||
|
|||
How to block file copy function transfer through the VPN.
Sam Mok wrote:
I had just build up a VPN for my company with a windows 2003 server. But my company only want the users who can connect to our VPN for just remote desktop function. We don't want the users to use our file server's resources. I had tried to block by IP Filter function from the "Routing and remote access" policies. But after many tires, I also failed to do it. Anybody can in help? Thanks so much. Just to verify - you do know that if they can map drives on their remote desktop - then through that they can copy files to their local computers too - right? No need to map the drives directly (from their laptop/home PC/remote location.) Remote Desktop can let their local resources pass through. So can you define what it is you are trying to prevent? Is it that ability? Is it mapping the drive shares directly? Something else? -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#4
|
|||
|
|||
How to block file copy function transfer through the VPN.
Hi Shenan Stanley,
My company just don't want the remote users to copy any files to their notebook or home pc from our server. But we can let them to login our terminal server for jobs need. How can we do? Thanks so much. Sam Mok "Sam Mok" ¦b¶l¥ó±i¶K¤º®e¥D¦® ¤¤¼¶¼g... Hi Shenan Stanley, Thanks for your helps, my company just don't want the users to copy any files from our server. But we can let the remote users to login our terminal server. How can I do? Thanks so much. Sam Mok "Shenan Stanley" ¦b¶l¥ó±i¶K¤º®e¥D¦® ¤¤¼¶¼g... Sam Mok wrote: I had just build up a VPN for my company with a windows 2003 server. But my company only want the users who can connect to our VPN for just remote desktop function. We don't want the users to use our file server's resources. I had tried to block by IP Filter function from the "Routing and remote access" policies. But after many tires, I also failed to do it. Anybody can in help? Thanks so much. Just to verify - you do know that if they can map drives on their remote desktop - then through that they can copy files to their local computers too - right? No need to map the drives directly (from their laptop/home PC/remote location.) Remote Desktop can let their local resources pass through. So can you define what it is you are trying to prevent? Is it that ability? Is it mapping the drive shares directly? Something else? -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#5
|
|||
|
|||
How to block file copy function transfer through the VPN.
Sam Mok wrote:
Hi Sir/Miss, I had just build up a VPN for my company with a windows 2003 server. But my company only want the users who can connect to our VPN for just remote desktop function. We don't want the users to use our file server's resources. I had tried to block by IP Filter function from the "Routing and remote access" policies. But after many tires, I also failed to do it. Anybody can in help? Thanks so much. Sam Mok Why do you permit outsiders entry into your network as though they were located at work? Even if coming through a VPN, the outside hosts should be placed in a less-privileged zone. That zone dictates to which servers those hosts may connect, like to the Exchange server, the company "news" server (or where any company-wide info is retained), and perhaps to some other common company servers. The file servers of which you speak could not be reached from that outer-zone. Users that needed to access servers outside that zone's list would have to get permission and then allowed to connect to those inner-zone hosts. I have done domain administration but I have used VPN coming into my company which puts me in a security zone will less permissions that my workstation at my work desk. I can get at Exchange and other common web servers while in that throttled zone and to get to other hosts meant I had to get permission and get on some list of servers to add my host as having permission to connect to them. This is a security issue but I suspect you need to speak with a domain admin rather than a security expert regarding how to setup the security zone for those VPN connections coming from the outside. |
#6
|
|||
|
|||
How to block file copy function transfer through the VPN.
Hi VanguardLH,
My company just don't want the remote users to copy any files to their notebook or home pc from our server. But we can let them to login our terminal server for jobs need (Such as checking our MRP system informations, check company's inside mailbox, etc..). How can we do? Thanks so much. Sam Mok "VanguardLH" 在郵件張貼內容主旨 ä¸*撰寫... Sam Mok wrote: Hi Sir/Miss, I had just build up a VPN for my company with a windows 2003 server. But my company only want the users who can connect to our VPN for just remote desktop function. We don't want the users to use our file server's resources. I had tried to block by IP Filter function from the "Routing and remote access" policies. But after many tires, I also failed to do it. Anybody can in help? Thanks so much. Sam Mok Why do you permit outsiders entry into your network as though they were located at work? Even if coming through a VPN, the outside hosts should be placed in a less-privileged zone. That zone dictates to which servers those hosts may connect, like to the Exchange server, the company "news" server (or where any company-wide info is retained), and perhaps to some other common company servers. The file servers of which you speak could not be reached from that outer-zone. Users that needed to access servers outside that zone's list would have to get permission and then allowed to connect to those inner-zone hosts. I have done domain administration but I have used VPN coming into my company which puts me in a security zone will less permissions that my workstation at my work desk. I can get at Exchange and other common web servers while in that throttled zone and to get to other hosts meant I had to get permission and get on some list of servers to add my host as having permission to connect to them. This is a security issue but I suspect you need to speak with a domain admin rather than a security expert regarding how to setup the security zone for those VPN connections coming from the outside. |
#7
|
|||
|
|||
How to block file copy function transfer through the VPN.
In article ,
says... Hi Sir/Miss, I had just build up a VPN for my company with a windows 2003 server. But my company only want the users who can connect to our VPN for just remote desktop function. We don't want the users to use our file server's resources. I had tried to block by IP Filter function from the "Routing and remote access" policies. But after many tires, I also failed to do it. Anybody can in help? Thanks so much. Sam Mok Why not setup the VPN on the Firewall that your company should have purchased, then you can limit the VPN sessions to specific IP ranges inside the LAN as well as just RDP TCP 3389. If your company doesn't have a Firewall that acts as a VPN server then you should really consider getting a real firewall. -- You can't trust your best friends, your five senses, only the little voice inside you that most civilians don't even hear -- Listen to that. Trust yourself. (remove 999 for proper email address) |
#8
|
|||
|
|||
How to block file copy function transfer through the VPN.
A VPN effectively makes the remote user part of your internal network. They
then have whatever rights they would have if logged-on to a computer in the office itself. You can, as mentioned, use firewall rules to restrict the ports available to VPN users. Although, since you don't actually want remote users to be part of your LAN, VPN may not be the best solution for you. What you probably need here is secure tunneling of a single port or range of ports for terminal services, which could be achieved with utilities such as SSH or Zebedee. There are GPL and commercial releases of SSH, and Zebedee is a similar and completely free client/server tunneling implementation. "Leythos" wrote: In article , says... Hi Sir/Miss, I had just build up a VPN for my company with a windows 2003 server. But my company only want the users who can connect to our VPN for just remote desktop function. We don't want the users to use our file server's resources. I had tried to block by IP Filter function from the "Routing and remote access" policies. But after many tires, I also failed to do it. Anybody can in help? Thanks so much. Sam Mok Why not setup the VPN on the Firewall that your company should have purchased, then you can limit the VPN sessions to specific IP ranges inside the LAN as well as just RDP TCP 3389. If your company doesn't have a Firewall that acts as a VPN server then you should really consider getting a real firewall. -- You can't trust your best friends, your five senses, only the little voice inside you that most civilians don't even hear -- Listen to that. Trust yourself. (remove 999 for proper email address) . |
Thread Tools | |
Display Modes | |
|
|