RTCA
asked on
restrict RRAS access by hostname?
We have a 2003r2 server set up with RRAS and I was wondering if we can restrict a user from logging into that from more than just his/her work laptop? I figured the hostname would be the most simple way to screen by, but didn't have alot of luck in finding a way to do it. Maybe that isn't the best way to do it? If someone has a way to "force" a user to only use his/her work issued laptop (hostname, mac address, etc...) I would love to find out how. I am anxious to throttle some users from attaching with their home machines.
ASKER
Rob, thanks for the info. I have the group memberships in place allowing only certain users to come in, etc...but was hoping that RRAS was robust enough that you could restrict, for example, the user <henry> from establishing a VPN tunnel from his home computer, as opposed to using his work.
I know its a seperate piece, but when you look at the users accessing a remote desktop, it will list those usernames and the hostname they are accessing it from and was hoping the same might be true with RRAS.
Eh, such is life with Microsoft apparently, but I would have thought this question would have been asked before and maybe they would have had a solution for it. We will look at migrating this application to the 515e then. Thanks for the reply.
I know its a seperate piece, but when you look at the users accessing a remote desktop, it will list those usernames and the hostname they are accessing it from and was hoping the same might be true with RRAS.
Eh, such is life with Microsoft apparently, but I would have thought this question would have been asked before and maybe they would have had a solution for it. We will look at migrating this application to the 515e then. Thanks for the reply.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>>"I need your help.........."
Though I am likely partial, I believe ID:26143206 clearly answered the question in detail, including other issues and options. Even tough the answer is "you can't do that", EE guidelines state that you can't do that is often the correct answer.
Thanks TheLearnedOne.
--Rob
Though I am likely partial, I believe ID:26143206 clearly answered the question in detail, including other issues and options. Even tough the answer is "you can't do that", EE guidelines state that you can't do that is often the correct answer.
Thanks TheLearnedOne.
--Rob
You can restrict by user name and group membership, but not by host name or MAC address.
In case you are thinking of IP restrictions: It is possible to assign static IP's and restrict by IP, but the IP is assigned to a user not a machine. Therefore the user is assigned the same IP regardless of the machine on which they install the client, ruling this option out as well.
For better control you need to use a VPN router such as a Cisco where you have more control over distribution of the VPN client.