VPN users have unrestricted access

[David Armstrong]

I have set up a series of new users for our very small
network (Win 2000 Server with IAS for the gateway, and
Win 2003 server behind for all other services) who will
only access our network by VPN - they are our Indian
developers.
The users have dial-in access enabled in AD (although
they will actually connect over the internet) and they
are not even members of the domain users group - just a
new group that only has rights to one share.
However connecting to the VPN as these users gives me
full access to all directories and files on the network
even if I explicitly deny access. Help! Any ideas
appreciated!

 

[Sharoon Shetty K [MSFT]]

You can acheive this by configuring filters in the remote access policy.

Remote Access Policy:
http://www.microsoft.com/windows200...ndows2000/en/server/help/sag_rap_elements.htm

 

[Me]

I think he meant they have unrestricted access, as in read/write/change. The
filters would block them but does not fix the permissions problem. It sounds
like he has somehow given all dial-in users domain admin privileges.

Ray

 

[Joe]

I just posted the same problem few threads above. In my
case the user is only domain user. setup dialin access
through domain users properties and not RAS. The user if
logged in from inside he recieves the proper security
settings, but accessing the network through VPN, the user
can browse the network and access all shared folders even
the restricted ones.
I think David is having the same issues.

Thanks,
Joe