• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 636
  • Last Modified:

Active directory authenticated Cisco VPN users

Hello there.
I have setup authentication to be Active directory on my Cisco 3030 VPN concentrator and created 2 groups (one for admins and the other for normal users), both authenticating against a windows 2003 domain controller.

I've allocated 2 different IP pools for the said groups and restricting user access based on IP address on my firewall, which sits right after the VPN concentrator.

My problem is, users who are part of the normal user group can get admin access by just copying the profile from an admin user and consequently get admin access onto the systems.

Is there anyway I can prevent this from happening using Active directory features ?

Hope I made myself clear.

Thanks in advance

Shiv
0
shivanthan
Asked:
shivanthan
  • 2
  • 2
1 Solution
 
Phadke_hemantCommented:
how come they copy the admin user profile? this means they have rights on the drive and mostly they are member of loca admin on the machines
remove the normal users from the local admin group from all the machines and recreate their profiles so that they cannot copy the admin profile and will not get the rights
0
 
shivanthanAuthor Commented:
Hi..thanks for the comment.
I already had a look at this option but need one which uses features of active directory and identify the users differently, and not letting them use the profile which is not meant for them.

Thanks
Shiv
0
 
snowsurferCommented:
Are you using RADIUS?
0
 
Phadke_hemantCommented:
users can use other profile only if they have rights on that machine so you need to remove users from Local Administrators group on those machines and addd them to power users only. only this is not sufficient as they have already copied the admin profile so you need to delete the old profiles also
0
 
shivanthanAuthor Commented:
Yes, I am using Microsoft IAS server for the authentication.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now