|
Posted by Nadi on May 5, 2008, 5:56 pm
If you were Registered and logged in, you could reply and use other advanced thread options
ISA Server 2004 SP3
Windows 2003 SP2
On Active Directory:........
AD User DIal-In Tab has "Allow Access through Remote Access Policies" By
default.
On the ISA:......
Remote Access Policies
IN the "ISA Server Default Policy", the "Policy condition" has the "Domain
Users" group
Action "Grant Remote Access Permission"
What is wrong? what of the above isn't a default? I didn't change any of
the settings!! Any explanation??
Regards,NN
|
|
Posted by Jens Baier on May 6, 2008, 12:56 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hi,
> AD User DIal-In Tab has "Allow Access through Remote Access Policies" By
> default.
AD native mode result
> IN the "ISA Server Default Policy", the "Policy condition" has the "Domain
> Users" group
> Action "Grant Remote Access Permission"
OK, but you manually have to activate VPN and you must manually select the
users or groups that have the right to use VPN. I don't see any security
risk.
regards Jens
www.nt-faq.de
|
|
Posted by Nadi on May 6, 2008, 4:10 pm
If you were Registered and logged in, you could reply and use other advanced thread options
10 domains in the ISA Server Default Policies. I.E. in every ISA of my 10
ISAs, every default ISA Server Default Policy has its domain "Domain users"
group in it thus all the users are allowed access !!!!!!!
I'm thinking of opening a case with MS to check how this happened
> Hi,
>
>> AD User DIal-In Tab has "Allow Access through Remote Access Policies" By
>> default.
>
> AD native mode result
>
>> IN the "ISA Server Default Policy", the "Policy condition" has the
>> "Domain Users" group
>> Action "Grant Remote Access Permission"
>
> OK, but you manually have to activate VPN and you must manually select the
> users or groups that have the right to use VPN. I don't see any security
> risk.
>
> regards Jens
> www.nt-faq.de
|
|
Posted by Jim Harrison \(ISA SE\) on May 6, 2008, 7:41 pm
If you were Registered and logged in, you could reply and use other advanced thread options
user, protocol or destination.
If this rule contains specific protocols, users, sources, destinations or
users, someone did this manually (not via the ISA UI).
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html
Thanks for the reply, but Believe me, i found the domain users groups from y
10 domains in the ISA Server Default Policies. I.E. in every ISA of my 10
ISAs, every default ISA Server Default Policy has its domain "Domain users"
group in it thus all the users are allowed access !!!!!!!
I'm thinking of opening a case with MS to check how this happened
> Hi,
>
>> AD User DIal-In Tab has "Allow Access through Remote Access Policies" By
>> default.
>
> AD native mode result
>
>> IN the "ISA Server Default Policy", the "Policy condition" has the
>> "Domain Users" group
>> Action "Grant Remote Access Permission"
>
> OK, but you manually have to activate VPN and you must manually select the
> users or groups that have the right to use VPN. I don't see any security
> risk.
>
> regards Jens
> www.nt-faq.de
|
| Similar Threads | Posted | | Maximum Users allowed in a Share | September 13, 2005, 12:47 pm |
| Autoenrollment problems - Enrollment access is not allowed to this template computer | September 1, 2006, 4:01 pm |
| is this allowed???? | May 10, 2006, 1:10 pm |
| Computer Shuts down Suddenly | December 11, 2005, 5:16 pm |
| Can I access users from another PC in a workgroup? | August 20, 2006, 8:19 am |
| Access to a specific IP for only 2 users | May 14, 2007, 6:11 am |
| Several encryption schemes suddenly missing in Excel 2003 | March 19, 2006, 6:41 am |
| SBS 2003 suddenly blocked Inbound traffic overnight. | June 28, 2007, 10:46 am |
| Give administrators access to users MY Documents | December 26, 2005, 11:41 pm |
| How to restrict users to access web pages all exept one | July 8, 2006, 2:03 pm |
|
XML site map