Suddenly All users are allowed VPN access!!

N

Nadi

ISA Server 2004 SP3

Windows 2003 SP2



On Active Directory:........

AD User DIal-In Tab has "Allow Access through Remote Access Policies" By
default.



On the ISA:......

Remote Access Policies



IN the "ISA Server Default Policy", the "Policy condition" has the "Domain
Users" group



Action "Grant Remote Access Permission"



What is wrong? what of the above isn't a default? I didn't change any of
the settings!! Any explanation??





Regards,NN
 
J

Jens Baier

Hi,

> AD User DIal-In Tab has "Allow Access through Remote Access Policies" By
> default.

AD native mode result

> IN the "ISA Server Default Policy", the "Policy condition" has the "Domain
> Users" group
> Action "Grant Remote Access Permission"

OK, but you manually have to activate VPN and you must manually select the
users or groups that have the right to use VPN. I don't see any security
risk.

regards Jens
www.nt-faq.de
 
N

Nadi

Thanks for the reply, but Believe me, i found the domain users groups from y
10 domains in the ISA Server Default Policies. I.E. in every ISA of my 10
ISAs, every default ISA Server Default Policy has its domain "Domain users"
group in it thus all the users are allowed access !!!!!!!

I'm thinking of opening a case with MS to check how this happened


"Jens Baier" <jensbaier@passport.com> wrote in message
news:%23Bt1EWzrIHA.5060@TK2MSFTNGP03.phx.gbl...
> Hi,
>
>> AD User DIal-In Tab has "Allow Access through Remote Access Policies" By
>> default.
>
> AD native mode result
>
>> IN the "ISA Server Default Policy", the "Policy condition" has the
>> "Domain Users" group
>> Action "Grant Remote Access Permission"
>
> OK, but you manually have to activate VPN and you must manually select the
> users or groups that have the right to use VPN. I don't see any security
> risk.
>
> regards Jens
> www.nt-faq.de
 
J

Jim Harrison \(ISA SE\)

The "Default" rule is a deny rule, rejecting any traffic regardless of the
user, protocol or destination.
If this rule contains specific protocols, users, sources, destinations or
users, someone did this manually (not via the ISA UI).

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"Nadi" <Nadi222@hotmail.com> wrote in message
news:urxodT7rIHA.5724@TK2MSFTNGP06.phx.gbl...
Thanks for the reply, but Believe me, i found the domain users groups from y
10 domains in the ISA Server Default Policies. I.E. in every ISA of my 10
ISAs, every default ISA Server Default Policy has its domain "Domain users"
group in it thus all the users are allowed access !!!!!!!

I'm thinking of opening a case with MS to check how this happened


"Jens Baier" <jensbaier@passport.com> wrote in message
news:%23Bt1EWzrIHA.5060@TK2MSFTNGP03.phx.gbl...
> Hi,
>
>> AD User DIal-In Tab has "Allow Access through Remote Access Policies" By
>> default.
>
> AD native mode result
>
>> IN the "ISA Server Default Policy", the "Policy condition" has the
>> "Domain Users" group
>> Action "Grant Remote Access Permission"
>
> OK, but you manually have to activate VPN and you must manually select the
> users or groups that have the right to use VPN. I don't see any security
> risk.
>
> regards Jens
> www.nt-faq.de
 
You must log in or register to reply here.

Similar threads

O
How to refresh AD Group policy to users and devices that are permanently remote with VPN?
Replies
0
Views
72
Oneil Matlock
O
M
Active directory - Fine Grained Password policy does not work for AD users
Replies
0
Views
63
Matias Ignacio Catril Opazo
M
S
Kerberos klist delays but only for some accounts (on Cisco AnyConnect VPN)
Replies
0
Views
17
sphar
S
C
After installing RDS on a Windows Server 2022, outgoing RDP connections are not functioning for domain users, unlike other clients.
Replies
0
Views
51
ChameeSam
C
J
Internet connection is lost at random times when Windows VPN is active
Replies
0
Views
67
Jeff Benson1
J
Back
Top Bottom