I have setup authentication to be Active directory on my Cisco 3030 VPN concentrator and created 2 groups (one for admins and the other for normal users), both authenticating against a windows 2003 domain controller.
I've allocated 2 different IP pools for the said groups and restricting user access based on IP address on my firewall, which sits right after the VPN concentrator.
My problem is, users who are part of the normal user group can get admin access by just copying the profile from an admin user and consequently get admin access onto the systems.
Is there anyway I can prevent this from happening using Active directory features ?
Hope I made myself clear.
Thanks in advance