Suddenly All users are allowed VPN access!!

  • Thread starter Thread starter Nadi
  • Start date Start date
N

Nadi

ISA Server 2004 SP3

Windows 2003 SP2



On Active Directory:........

AD User DIal-In Tab has "Allow Access through Remote Access Policies" By
default.



On the ISA:......

Remote Access Policies



IN the "ISA Server Default Policy", the "Policy condition" has the "Domain
Users" group



Action "Grant Remote Access Permission"



What is wrong? what of the above isn't a default? I didn't change any of
the settings!! Any explanation??





Regards,NN
 
Hi,

> AD User DIal-In Tab has "Allow Access through Remote Access Policies" By
> default.

AD native mode result

> IN the "ISA Server Default Policy", the "Policy condition" has the "Domain
> Users" group
> Action "Grant Remote Access Permission"

OK, but you manually have to activate VPN and you must manually select the
users or groups that have the right to use VPN. I don't see any security
risk.

regards Jens
www.nt-faq.de
 
Thanks for the reply, but Believe me, i found the domain users groups from y
10 domains in the ISA Server Default Policies. I.E. in every ISA of my 10
ISAs, every default ISA Server Default Policy has its domain "Domain users"
group in it thus all the users are allowed access !!!!!!!

I'm thinking of opening a case with MS to check how this happened


"Jens Baier" wrote in message
news:%23Bt1EWzrIHA.5060@TK2MSFTNGP03.phx.gbl...
> Hi,
>
>> AD User DIal-In Tab has "Allow Access through Remote Access Policies" By
>> default.
>
> AD native mode result
>
>> IN the "ISA Server Default Policy", the "Policy condition" has the
>> "Domain Users" group
>> Action "Grant Remote Access Permission"
>
> OK, but you manually have to activate VPN and you must manually select the
> users or groups that have the right to use VPN. I don't see any security
> risk.
>
> regards Jens
> www.nt-faq.de
 
Back
Top