A Windows XP help forum. PCbanter


How to block file copy function transfer through the VPN.



 
 
#1
February 1st 10, 02:39 AM, posted to microsoft.public.windowsxp.security_admin
Sam Mok

Hi Sir/Miss,

I had just built up a VPN for my company with a Windows 2003 server.
But my company only wants the users who can connect to our VPN for just
remote desktop function.
We don't want the users to use our file server's resources.
I had tried to block by IP Filter function from the "Routing and remote
access" policies.
But after many tries, I also failed to do it.

Can anybody help? Thanks so much.

Sam Mok
#2
February 1st 10, 02:53 AM, posted to microsoft.public.windowsxp.security_admin
Shenan Stanley

Sam Mok wrote:
I had just built up a VPN for my company with a Windows 2003 server.
But my company only wants the users who can connect to our VPN for just
remote desktop function.
We don't want the users to use our file server's resources.
I had tried to block by IP Filter function from the "Routing and remote
access" policies.
But after many tries, I also failed to do it.

Can anybody help? Thanks so much.


Just to verify - you do know that if they can map drives on their remote
desktop - then through that they can copy files to their local computers
too - right? No need to map the drives directly (from their laptop/home
PC/remote location.) Remote Desktop can let their local resources pass
through.

So can you define what it is you are trying to prevent? Is it that ability?
Is it mapping the drive shares directly? Something else?

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


#3
February 1st 10, 05:32 AM, posted to microsoft.public.windowsxp.security_admin
Sam Mok

Hi Shenan Stanley,

Thanks for your help. My company just doesn't want the users to copy any
files from our server. But we can let the remote users log in to our terminal
server.
How can I do this? Thanks so much.

Sam Mok





#4
February 1st 10, 06:38 AM, posted to microsoft.public.windowsxp.security_admin
Sam Mok

Hi Shenan Stanley,

My company just doesn't want the remote users to copy any files to their
notebook or home PC from our server. But we can let them log in to our
terminal server for job needs.
How can we do this? Thanks so much.

Sam Mok



#5
February 1st 10, 11:41 AM, posted to microsoft.public.windowsxp.security_admin
VanguardLH[_2_]

Sam Mok wrote:

Hi Sir/Miss,

I had just built up a VPN for my company with a Windows 2003 server.
But my company only wants the users who can connect to our VPN for just
remote desktop function.
We don't want the users to use our file server's resources.
I had tried to block by IP Filter function from the "Routing and remote
access" policies.
But after many tries, I also failed to do it.

Can anybody help? Thanks so much.

Sam Mok


Why do you permit outsiders entry into your network as though they were
located at work? Even if coming through a VPN, the outside hosts should be
placed in a less-privileged zone. That zone dictates to which servers those
hosts may connect, like to the Exchange server, the company "news" server
(or where any company-wide info is retained), and perhaps to some other
common company servers. The file servers of which you speak could not be
reached from that outer-zone. Users that needed to access servers outside
that zone's list would have to get permission and then be allowed to connect to
those inner-zone hosts.

I have done domain administration but I have used VPN coming into my company
which puts me in a security zone with less permissions than my workstation
at my work desk. I can get at Exchange and other common web servers while
in that throttled zone and to get to other hosts meant I had to get
permission and get on some list of servers to add my host as having
permission to connect to them. This is a security issue but I suspect you
need to speak with a domain admin rather than a security expert regarding
how to set up the security zone for those VPN connections coming from the
outside.
#6
February 2nd 10, 05:42 AM, posted to microsoft.public.windowsxp.security_admin,microsoft.public.security
Sam Mok

Hi VanguardLH,

My company just doesn't want the remote users to copy any files to their
notebook or home PC from our server. But we can let them log in to our
terminal server for job needs (such as checking our MRP system information,
checking the company's inside mailbox, etc.).
How can we do this? Thanks so much.

Sam Mok




#8
February 4th 10, 07:08 PM, posted to microsoft.public.windowsxp.security_admin
Anteaus

A VPN effectively makes the remote user part of your internal network. They
then have whatever rights they would have if logged-on to a computer in the
office itself.

You can, as mentioned, use firewall rules to restrict the ports available to
VPN users.

Although, since you don't actually want remote users to be part of your LAN,
VPN may not be the best solution for you. What you probably need here is
secure tunneling of a single port or range of ports for terminal services,
which could be achieved with utilities such as SSH or Zebedee. There are GPL
and commercial releases of SSH, and Zebedee is a similar and completely free
client/server tunneling implementation.

"Leythos" wrote:

In article ,
says...

Hi Sir/Miss,

I had just built up a VPN for my company with a Windows 2003 server.
But my company only wants the users who can connect to our VPN for just
remote desktop function.
We don't want the users to use our file server's resources.
I had tried to block by IP Filter function from the "Routing and remote
access" policies.
But after many tries, I also failed to do it.

Can anybody help? Thanks so much.

Sam Mok


Why not set up the VPN on the Firewall that your company should have
purchased, then you can limit the VPN sessions to specific IP ranges
inside the LAN as well as just RDP TCP 3389.

If your company doesn't have a Firewall that acts as a VPN server then
you should really consider getting a real firewall.


--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(remove 999 for proper email address)
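
Added example, not part of any poster's message: a small Python model of the two layers this thread discusses, a filter that limits VPN clients to RDP on TCP 3389 and the Remote Desktop pass-through of local resources. The addresses, rule format and function names are assumptions made for illustration; fDisableCdm and fDisableClip are the Terminal Services Group Policy registry values for drive and clipboard redirection.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
TERMINAL_SERVER = "192.168.1.20"
FILE_SERVER = "192.168.1.10"

# First-match filter list for traffic from VPN clients:
# (action, source net, destination net, protocol, destination port; None = any)
RDP_ONLY = [
    ("permit", VPN_POOL, ipaddress.ip_network(TERMINAL_SERVER + "/32"), "tcp", 3389),
    ("deny", VPN_POOL, ANY, "any", None),
]
FLAT_VPN = [("permit", VPN_POOL, ANY, "any", None)]  # client treated as a LAN host

# Group Policy values under
# HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services (1 = disabled)
REDIRECTION = {"fDisableCdm": "drive redirection",
               "fDisableClip": "clipboard redirection"}


def decide(rules, src, dst, proto, port):
    """Return the action of the first matching rule; default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_net, d_net, r_proto, r_port in rules:
        if (src in s_net and dst in d_net
                and r_proto in ("any", proto) and r_port in (None, port)):
            return action
    return "deny"


def remaining_copy_paths(rules, ts_policy, client="10.99.0.5"):
    """List the ways a VPN client could still move data off the servers."""
    found = []
    for port in (139, 445):  # NetBIOS session service and SMB over TCP
        if decide(rules, client, FILE_SERVER, "tcp", port) == "permit":
            found.append(f"direct SMB to file server on tcp/{port}")
    if decide(rules, client, TERMINAL_SERVER, "tcp", 3389) == "permit":
        for value, channel in REDIRECTION.items():
            if ts_policy.get(value, 0) != 1:
                found.append(f"RDP {channel} ({value} is not 1)")
    return found


if __name__ == "__main__":
    for name, rules in (("flat VPN", FLAT_VPN), ("RDP-only filter", RDP_ONLY)):
        print(name, remaining_copy_paths(rules, {}))
    print("hardened", remaining_copy_paths(RDP_ONLY, {"fDisableCdm": 1, "fDisableClip": 1}))
```

With the RDP-only filter and no redirection policy set, the model still reports both redirection channels, which is the gap the port filter alone does not close.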