MonocleMike
Technical User
I have a small network based on W2K Server SP3 acting as
DC in Active Directory and only 2 of the users (Mike &
Pete) have Dial-in permission. These users are also
restricted to logging in on their own machine - Mike on
Laptop1 and Pete on Laptop2. The machine restriction
works correctly when logging in on the network or doing a
full domain login using Dial-Up Networking BUT.... if they
log in to their laptop as a local user and then do a
dialup RAS session with their domain name and password
then it DOES NOT check their machine. THE DC hosts the
RRAS service and is declared to Active Directory and
appears to be using it because it correctly prevents users
other than Mike or Pete dialling in and requires the
correct domain password.
Any ideas how I can close this loophole?
DC in Active Directory and only 2 of the users (Mike &
Pete) have Dial-in permission. These users are also
restricted to logging in on their own machine - Mike on
Laptop1 and Pete on Laptop2. The machine restriction
works correctly when logging in on the network or doing a
full domain login using Dial-Up Networking BUT.... if they
log in to their laptop as a local user and then do a
dialup RAS session with their domain name and password
then it DOES NOT check their machine. THE DC hosts the
RRAS service and is declared to Active Directory and
appears to be using it because it correctly prevents users
other than Mike or Pete dialling in and requires the
correct domain password.
Any ideas how I can close this loophole?
