Welcome to ISAserver.org

VPN access and rights

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> VPN access and rights

Page: [1]

Message

<< Older Topic Newer Topic >>

VPN access and rights - 27.May2008 1:40:49 PM

tjohnson

Posts: 30
Joined: 29.Nov.2004
Status: offline

When users access VPNQ and successfully log in, I was under the impression that they could see network resources at that time. I am finding , though, that they need to use Remote Desktop and connect to their computer before they can view network resources. Is this proper? How can I enable them to view network resources via the VPN connection without having to access RDP? Roaming profiles?

Thanks,
Terry

Post #: 1

Featured Links*

RE: VPN access and rights - 28.May2008 12:19:28 PM

pwindell

Posts: 782
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline

Define "view network resources"

Having Network Places work (or not work) has nothing to do with accessing resources.

ISA's Access Rules also control traffic between VPN Clients and the Internal LAN,...access in not "automatic".

However Remote Destop is the most effiecient way anyhow. That is the way you should be doing it. Accessing resources directly from their machine over the VPN will be painfully slow even when it works,...most users would go insane,..they couldn't handle it. A Terminal Server may be better than them remoting in to their own workstations,...especially if some use a Laptop and when they take it with them there is no "workstation" sitting there for them to connect to.

_____________________________

Phillip Windell
www.wandtv.com

(in reply to tjohnson)

Post #: 2

RE: VPN access and rights - 28.May2008 2:21:08 PM

tjohnson

Posts: 30
Joined: 29.Nov.2004
Status: offline

When I say view network resources I mean to say be able to see servers and other network entities in windows explorer.

VPNQ installation creates several rules for access and I added one that allows all traffic from VPN clients to internal network. If my VPNQ client quarantine service is working properly, it should release the VPN quaratined client once they meet all the criteria I have set up. They are given an internal network IP via DHCP, and should, in my view, be able to get into any share they are permitted to have access to. When the VPN client is released from the quarantine, all they see in windows explorer is their own computer and nothing more.

(in reply to pwindell)

Post #: 3

RE: VPN access and rights - 28.May2008 3:55:28 PM

pwindell

Posts: 782
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline

It may look like simply Windows Explorer but it is not. It is the Network Places "portion" of Windows Explorer, and that depends on the Network Browsing functionality. It does not operate by "seeing" anything on the network,...it functions by reading a "browse list" from a Domain Master Browser. It can fail for about a billion different reasons and I just don't even have the stomach to troubleshoot that.

The Network Browsing functionality has absolutely nothing to do with having "access". Network Browsing can abslotely totally fail and "access" will still work perfectly fine. As long as "naming" is functioning you can access the resources with \\machinename\sharename or by having Shortcuts on the user machine based on the UNC path.

In reality users are not going to open every icon they see in Network Places anyway,...usually it is only a couple,...or in our case, one (the file server),...so create Shortcuts to these "target" machines without the full path (\\machinename) and place the Shortcut somewhere (like the Desktop of the All Users Profile) on the remote machines.

If WINS naming is failing but DNS naming works then use the FQDN of the machine (\\machinename.domain.tld)

_____________________________

Phillip Windell
www.wandtv.com

(in reply to tjohnson)

Post #: 4