Securing Remote Access


Dennis van Vroonhoven

Hi,

The Remote Access Server works fine, only I want to control on the server
which clients are allowed access. Logon via username, password and domain
works fine. I would like the client to be configured with a shared secret or
something which should also be located on the Remote Access Server. So if I
don't want the client to be able to access the server, I can remove/disable
the shared secret, and the client, even when they know a valid username
and password, will not be able to access the server.

Is there somebody who can help me with this problem?

Thanks in advance,
Dennis
 
You can control which clients can dial in by granting/denying dial-in
privileges. Go to Start -> Run -> Compmgmt.msc. Under Users and Groups,
right-click on a particular user and click on Properties. You can now
enable/disable access in the Dial-in tab.

Thanks
Giri
 
Thanks for the reply, I understand that you can control the user access
there.
The scenario I want is a shared secret (or something else) which should be
on both the workstation and the RAS server for authentication. I tried to
do this with certificates, but when I revoke a certificate on the server the
workstation can still access the VPN server. I want the ability to give or
deny access to a workstation instead of a user. So when no certificate is
available you can't log in, but when a certificate is installed they can log
in, but when I revoke the certificate they still can.. :-(

So I want to control access also by workstation. So if I do this by
shared-secret or certificate, I also want to know how to deny them later.

Thanks,
Dennis
 
Can you please check KB article 258727?
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q258727
It talks about why revoked certificates may still be accepted. The KB
article also provides a solution, which is given below.

From the KB article:

Change the Publication Interval setting for the CRL from the default time of
one week to a shorter duration. To change the default time, do the
following:
1. Start the Microsoft Management Console (MMC) Certificate Authority
snap-in.
2. Open the properties for the Revoked Certificates folder, and then
change the Publication Interval setting. You can also view the current CRL.


Thanks
Giri
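
Added example, not part of the original thread or the KB article: the same CRL publication change done from an elevated PowerShell prompt on the CA server with `certutil`, followed by an immediate publish and a check of the CRL's validity window. It assumes a Windows Server CA with PowerShell available, the default CertEnroll publish folder, and a one-day interval chosen only for illustration.

```powershell
# Added example. Run elevated on the server that hosts the Certification Authority.

# 1. Show the current CRL publication interval (the default is 1 week).
certutil -getreg CA\CRLPeriodUnits
certutil -getreg CA\CRLPeriod

# 2. Shorten the interval. "1 Days" is an illustrative value, not a recommendation
#    from the thread; pick what your revocation policy requires.
certutil -setreg CA\CRLPeriodUnits 1
certutil -setreg CA\CRLPeriod "Days"

# 3. Restart Certificate Services so the new interval is picked up.
Restart-Service -Name CertSvc

# 4. Publish a fresh CRL now instead of waiting for the next scheduled one.
#    Do this after every revocation that must take effect quickly.
certutil -CRL

# 5. Inspect the published CRL(s). ThisUpdate/NextUpdate bound the window in
#    which a server that already cached this CRL will keep trusting it.
#    Assumption: CRLs are published to the default CertEnroll folder.
$crlDir = Join-Path $env:SystemRoot 'System32\CertSrv\CertEnroll'
Get-ChildItem -Path $crlDir -Filter '*.crl' | ForEach-Object {
    Write-Output "== $($_.Name)"
    certutil -dump $_.FullName | Select-String -Pattern 'ThisUpdate|NextUpdate'
}
```

A RAS/VPN server that already holds a cached copy of the previous CRL keeps using it until that copy's NextUpdate time, so a certificate revoked under the old one-week interval can remain accepted until the old CRL expires.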
 