Q
Problem solve Get help with specific problems with your technologies, process and projects.

How do I restrict access to certain sections of our company's intranet?

How do I let a remote user (an outside sales rep) have limited access to the company intranet (e.g., certain reports)? Currently our network is an NT4 domain with a Win2k IIS server for intranet. The firewall is a Symantec Enterprise Firewall version 7 on an NT4 SP6a, but not a member of the domain. Company sales reps are given access to the intranet via a VPN tunnel on the firewall and can access critical areas with NT authentication. The majority of the intranet is available to inside users and sales reps through "IUSR." However, some of these areas should not be available to this remote user. Do we direct this user to a different homepage, use Terminal Server or something else? I am mainly looking for a direction to go with this for the best security.
There are many factors to consider here. The "best" security will depend on how you are set up and exactly what you wish to accomplish. One method, the easiest way to restrict this user's access, is to use file permissions. Make IUSR_ computername only able to access those areas that should be seen by anyone. Remove access for this account to any sensitive areas. Then create a user group for other "internal" users and give that group permissions to folders and files that you want to protect. Add approved users to the group. When a user accesses the protected files, their credentials are checked, as is their group membership. Your remote user won't belong to an approved group and thus will be denied access.

Another way to restrict access would be to provide a separate server for these "everyone and my remote user can look see." You then need to set up permissions, etc. for each server and maintain them as well. If your user is VPNing in, and you've set encryption and authentication as securely as you can, you've already mitigated substantial risks. Now finesse the design until you're happy it works as you want. Document it and be aware that you'll need vigilance to keep it working correctly.

Dig Deeper on Windows 10 security and management

Solve SQL Server permissions and authentication problems For the past two weeks I've been trying to resolve a permissions problem, an authentication problem, or both. I've run out of ideas of where to look. Here is what I have: (1) SQL Server 2005 on a Member Server (2003) (2) I'm running Visual Studio .NET 2005 on my work station. (3) I can access the SQL Server data from within my .NET project. (4) If I access the website from outside my .NET project, I get Login Failed for user NT_AUTHORITY/NETWORK SERVICE. This happens on any PC and even the member server that houses SQL and the Intranet site IIS. (5) The reason I think I have a permissions problem is because of the behavior of two seperate test projects. Project #1 uses PROFILES to save state. When the program gets to this line of code, the Login Failed message appears. In project #2, I'm not saving state. But when the code attempts to gather data into a dataset, the program halts with the Login Failed message. Can you give me specific instructions on where to look and what to try?

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

The article discusses options for a single user. I'd like to add that for a situation when you have multiple users or potentially will have, a thought through site map and access model with user groups will save from a lot of trouble. Make sure to test that!
Cancel

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

Close