Actually we were discussing just access to data stored in Active Directory. Well-known security principals Interactive and Network are of not much use in this scenario.
Mika -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: 22. marraskuuta 2004 22:02 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Controlling access to AD based on the network tec hnology used Can you give some more information about the proposed solution? For example, should a VPN user only have access to certain applications? Should it be different access in the same applications? Information like that would be useful here. Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mika Seitsonen Sent: Monday, November 22, 2004 2:51 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Controlling access to AD based on the network technology used Any ideas on how to control access to data based on network technology that is used to access AD. I.e. if the user is on the LAN versus when she is accessing the directory via VPN/dial-up or Web. She should have different level/authority to view and modify data stored in the AD when being attached to the LAN. I can't really think of anything else but establishing different forests/ADAMs and synchronizing the content. Alternatively, the control and different view of data should be programmed into a web application. Mika --- http://www.kouti.com <http://www.kouti.com/> List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
