Setup is this. DM=SBS 2003, Citrix Access Essentials is used via TS for remote facilities to access server hosted applications. The remote facilities are connected using VPN tunnels via Sonic Wall. Internal access is established by accessing a secondary IP on the Citrix server. External access is used via https registered subdomain. I need to allow all authenticated users access to the Citrix server via VPN tunnel (using TS). This is how it is currently setup. I also need to restrict at the same time some of the same users access via https (from home) without restricting them while they are at the facility (using the VPN). The problem Im having is I can restrict TS for a user account but that will also prevent them from using TS while they are accessing via VPN tunnel. I dont know if im complicating a simple issue or if what is requested, not possible.