amanzoor


vpn security

Hi there!
How do I make a VPN connection more secure? What I want is that no user except the administrator should see the server log on window.
Thanks
Les Moore

G'day, amanzoor
You're going to have to be more specific on what you want to do. Based on your previous questions, you are using Microsoft PPTP VPN to a Win2k server. Domain users should not be able to see any server logs anyway, only admins. What kind of logs are you talking about? How would a normal VPN user see the server logs now?

Cheers!
amanzoor

ASKER

Hi irmoore, thanks for your reply!
Sorry about the space in my words.  I meant 'logon screen'.  In our domain the normal users trying to do vpn see the 'server logon window', though they cannot logon to this server.  But I still want them not to see this 'server logon window'.  
Thanks
Hello Irmoore!
Am I able to define my question more easily or not, please let me know.
Thanks
I'm still not sure what you mean by server logon window. A VPN user should never see that. They might, however, see a login screen that asks for username/domain/password to get authenticated in the domain. That does not mean they are logging into the server.
Thanks Irmoore!
Yes, you are correct. The logon window! Is this window a server logon window or the session window for VPN? I am not sure myself.
Let me reconfirm.
Irmoore!
It's a server logon window. What's happening is that even when a normal user wants to connect through VPN the server logon window comes up and then the server denies the connection saying 'You are not authorized to connect through this connection session'. I want a normal user, other than the administrators, who logs on not to see this logon window. How can I do that? Or how can I secure my VPN?
Thanks
Can you explain how a user exactly is connecting? Is it just a dialog box with Username/Domain/Password lines? If so, the user account must have "dial-in access rights" enabled in their user account.

If they put their username/password and logon domain into the properties of the VPN client dialer, they should not get prompted again with the login box. If they do, it is because their account does not have "dial-in" access allowed.

What operating system on the client?
Thanks Irmoore!
The user connects through the Terminal Service Manager. You are right, it asks for username, password and the domain name. Once it is authenticated it sends directly to the server logon window. Is this right? I have disabled dial-in for every user.
Users use Windows XP.
Hi Irmoore!
Do you require more info?
Thanks
Beerman

So to confirm, you are connecting to the network through the VPN and then using terminal services to run programs on the server? If that's correct, terminal server users need the "log on locally" permission enabled for their account, plus whatever permissions the application likes. If the VPN users just need to access the network shares, then don't use terminal services.
amanzoor, so let me see if I understand, you basically want auto logon? The user clicks on the connection, and is not prompted for anything, just automatically connects?
Beerman!
Thanks for the reply.  Let me try disabling the terminal services.  What I want is whenever a user opens up the terminal services client window and puts in the server, password and domain they should not see directly the server log on screen.  I think I have clarified, if not please let me know.
Hi Stevenlewis!
Thanks for the reply. No, I do not want auto logon. This thing is happening whenever a user puts in the server name, password and the domain: they are directly shown the server logon screen (I DO NOT want this server logon screen shown to users, in fact I want them to simply see access denied on the terminal services client screen). Will disabling the terminal services help?
Do you have terminal services enabled on the PPTP server, and as soon as the client makes a connection, the term server screen comes up? Not good... Yes, try just disabling the terminal services on that server and try it.
Thanks Irmoore!
Let me try it.
Irmoore!
I disabled the terminal service by going into terminal service configuration and then, under remote control, I clicked on DO NOT allow remote control. This is what's happening again... when a user opens up the remote desktop icon and only puts in the server name (even if the user does not put in username, password and domain) it directly throws the user onto the server logon screen, please help. Awaiting your reply.
Thanks
Amanzoor, I think what you disabled was the ability of the admin to remotely control the end user's desktop.

Is what you want - for the user to only put in the username and password once?  Then on the remote desktop connection screen hit <<Options to hide the username/password options.  The only other things on that screen are server name, connect, cancel, etc.  When the user hits connect, he will get the server logon screen.  That is because he is logging on to the server (just like if he was sitting right next to the server).  This is by design for security reasons.  I think that is your best option.  The only way to get around this is to allow autologon, which is not good, as you agreed with stevenlewis in a previous post.

Now, if what you want is to disable terminal services so that no users can log in to the server at all, then either stop the terminal services in administrative tools - services, or uninstall terminal services altogether in control panel - add/remove programs - windows components.

Hope that helps
Thanks Beerman!
I want the users when they open up remote desktop and put in the username password and domain they SHOULD NOT be seeing the server log on window.
I want only admins when they open a remote desktop icon and put in servername or IP and password and domain name they should see the server log on window.
Awaiting your reply.
Thanks
Question for you amanzoor

Do you want users to use the remote desktop to connect to your terminal server or other xp computers?
Hi Beerman!
Thanks for the reply. I do not want users to connect to my terminal server; the moment they enter the server name and press enter they should be disconnected by this service.
Thanks
I want only admins to be able to log on.
Thanks
ASKER CERTIFIED SOLUTION
Beerman

This solution is only available to members.
Thanks Beerman!
It worked, exactly what I wanted. Thanks again.