Rights required to add and remove routes

[Chris Martin]

We need to grant our users just enough rights to add and remove routes so
their VPN clients can complete connection to our network, however currently
administrators are the only users who can add and remove routes (logically).

What rights need to be granted to users before they can add and remove
routes? Is there a way of doing this short of making them members of the
Administrator's group?

I'd like to be able to deploy the permissions via group policy, so I can do
file/folder ACLs, privileges and rights, user group membership, etc. Any
suggestions?

 

[smlunatick]

We need to grant our users just enough rights to add and remove routes so
their VPN clients can complete connection to our network, however currently
administrators are the only users who can add and remove routes (logically).

What rights need to be granted to users before they can add and remove
routes? Is there a way of doing this short of making them members of the
Administrator's group?

I'd like to be able to deploy the permissions via group policy, so I can do
file/folder ACLs, privileges and rights, user group membership, etc. Any
suggestions?

Are you stating that your "remote" clients need to reset the VPN
client every time they need to access your company's network? The VPN
access to your network should not be changing constantly since:

1) You Internet IP address should be static so that your "remote"
employees will always find you

2) You manage the access and authorization of the "user account" to
access the
VPN "server."

The only time you need to change this info is when you change ISP
service or add / remove "user access."

If your Internet access is based on a "dynamic" IP addess (changes IP
address often) you should look at some type of "dynamic DNS" service
like www.dyndns.org. This will eliminate the need of changing the IP
address constantly in the VPN clients.