VPN and stopping non-domain machines using it

  • Thread starter: Simon CHurch

Simon CHurch

Hello,

We have an RRAS Windows 2000 VPN setup. The box is located
in a DMZ. We also run native AD. As part of our security
policy, we would like to prevent all non-domain
users/machines from using VPN. There are a number of
technology users who work from home, from machines that we
have no control over. Hence we want to make sure that all
VPN users are domain users, using company-issued machines.

Any ideas how we can do this?

Simon
 
Is the RRAS server a standalone or an AD member?

If the RRAS server is in AD, the clients will be authenticating to AD.
So you can set your remote access policy to require membership of an AD
group.

If it is a standalone, the remote clients will be authenticating to the
machine's local SAM database, which doesn't know about AD.
 