Discussion:
Restrict VPN to single session
(too old to reply)
Tyler Durden
2010-02-06 21:37:26 UTC
Permalink
How restrict users to single session on VPN? Windows 2003 Server Standard.

Thanks.
Ace Fekay [MVP-DS, MCT]
2010-02-07 23:02:59 UTC
Permalink
Post by Tyler Durden
How restrict users to single session on VPN? Windows 2003 Server Standard.
Thanks.
Search in this link for "How to Modify the Number of Simultaneous
Connections"

How to install and configure a Virtual Private Network server in ..To change
the number of simultaneous connections, follow these steps: ... Click Allow
access to grant the user permission to dial in.
http://support.microsoft.com/kb/323441

Just in case for others that have Windows 2000, search this link for "How to
Install and Enable VPN"

How To Install and Configure a Virtual Private Network Server in ...Type the
maximum number of simultaneous PPTP connections that you want ....
http://support.microsoft.com/kb/308208
--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.
Tyler Durden
2010-02-08 00:25:19 UTC
Permalink
Hi Ace, thanks, but I would like to restric users to single session; by
default the same user can connect many times.
Post by Ace Fekay [MVP-DS, MCT]
Post by Tyler Durden
How restrict users to single session on VPN? Windows 2003 Server Standard.
Thanks.
Search in this link for "How to Modify the Number of Simultaneous
Connections"
How to install and configure a Virtual Private Network server in ..To
change the number of simultaneous connections, follow these steps: ...
Click Allow access to grant the user permission to dial in.
http://support.microsoft.com/kb/323441
Just in case for others that have Windows 2000, search this link for "How
to Install and Enable VPN"
How To Install and Configure a Virtual Private Network Server in ...Type
the maximum number of simultaneous PPTP connections that you want ....
http://support.microsoft.com/kb/308208
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit
among responding engineers, and to help others benefit from your
resolution.
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
If you feel this is an urgent issue and require immediate assistance,
please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Ace Fekay [MVP-DS, MCT]
2010-02-08 03:57:15 UTC
Permalink
Post by Tyler Durden
Hi Ace, thanks, but I would like to restric users to single session; by
default the same user can connect many times.
Oh, I see, sorry, I posted that too quickly.

By default, as far as I know, unless someone else has a better suggestion or
I'm overlooking a setting somewhere, there is no native way to restrict a
user to one concurrent session, other than going third party. I have many
customers using Cisco ASA 5505 or a Pix 501 or Pix 506e. With those devices,
or other similar solutions, you can restrict one VPN session per user.

I also found the following if you want to pursue this with Windows RRAS.
However, my suggestion is to use a third party.

Routing and Remote Access Blog : Limit one connection to the VPN ...Jul 17,
2008 ... Hello all, I thought it would be worthwhile to blog a post
specifically on this topic. I've seen quite a number of people having this
...
http://blogs.technet.com/rrasblog/archive/2008/07/17/limit-one-connection-to-the-vpn-server-per-user.aspx

Also, not sure what RRAS is installed on, but I highly suggest to not have
it running on a DC.

Ace
Ace Fekay [MVP-DS, MCT]
2010-02-08 05:31:56 UTC
Permalink
Post by Ace Fekay [MVP-DS, MCT]
Post by Tyler Durden
Hi Ace, thanks, but I would like to restric users to single session; by
default the same user can connect many times.
Oh, I see, sorry, I posted that too quickly.
By default, as far as I know, unless someone else has a better suggestion
or I'm overlooking a setting somewhere, there is no native way to restrict
a user to one concurrent session, other than going third party. I have
many customers using Cisco ASA 5505 or a Pix 501 or Pix 506e. With those
devices, or other similar solutions, you can restrict one VPN session per
user.
I also found the following if you want to pursue this with Windows RRAS.
However, my suggestion is to use a third party.
Routing and Remote Access Blog : Limit one connection to the VPN ...Jul
17, 2008 ... Hello all, I thought it would be worthwhile to blog a post
specifically on this topic. I've seen quite a number of people having this
...
http://blogs.technet.com/rrasblog/archive/2008/07/17/limit-one-connection-to-the-vpn-server-per-user.aspx
Also, not sure what RRAS is installed on, but I highly suggest to not have
it running on a DC.
Ace
Oh, is this SBS? I now realize that you've cross-posted it to the SBS group,
If it is, RRAS can run on it and is configurable with the wizard, but it's
still suggested to move it off, since it still creates a multihoming
scenario.

If not SBS, and it's a DC, I definitely suggest moving it elsewhere off a
DC.

btw - There's also the following tool, but I am not sure if it works with
RRAS.

How to Use a Network Share to Limit a User's Concurrent ...To restrict
concurrent logons for specific user accounts, use this logon script or
incorporate the script in an existing logon script. ...
http://support.microsoft.com/kb/260364

Ace
Tyler Durden
2010-02-08 13:22:15 UTC
Permalink
not SBS, I'll try your suggestions, thanks! :)
Post by Ace Fekay [MVP-DS, MCT]
Post by Ace Fekay [MVP-DS, MCT]
Post by Tyler Durden
Hi Ace, thanks, but I would like to restric users to single session; by
default the same user can connect many times.
Oh, I see, sorry, I posted that too quickly.
By default, as far as I know, unless someone else has a better suggestion
or I'm overlooking a setting somewhere, there is no native way to
restrict a user to one concurrent session, other than going third party.
I have many customers using Cisco ASA 5505 or a Pix 501 or Pix 506e. With
those devices, or other similar solutions, you can restrict one VPN
session per user.
I also found the following if you want to pursue this with Windows RRAS.
However, my suggestion is to use a third party.
Routing and Remote Access Blog : Limit one connection to the VPN ...Jul
17, 2008 ... Hello all, I thought it would be worthwhile to blog a post
specifically on this topic. I've seen quite a number of people having
this ...
http://blogs.technet.com/rrasblog/archive/2008/07/17/limit-one-connection-to-the-vpn-server-per-user.aspx
Also, not sure what RRAS is installed on, but I highly suggest to not
have it running on a DC.
Ace
Oh, is this SBS? I now realize that you've cross-posted it to the SBS
group, If it is, RRAS can run on it and is configurable with the wizard,
but it's still suggested to move it off, since it still creates a
multihoming scenario.
If not SBS, and it's a DC, I definitely suggest moving it elsewhere off a
DC.
btw - There's also the following tool, but I am not sure if it works with
RRAS.
How to Use a Network Share to Limit a User's Concurrent ...To restrict
concurrent logons for specific user accounts, use this logon script or
incorporate the script in an existing logon script. ...
http://support.microsoft.com/kb/260364
Ace
Ace Fekay [MVP-DS, MCT]
2010-02-08 16:57:27 UTC
Permalink
Post by Tyler Durden
not SBS, I'll try your suggestions, thanks! :)
Scratch that SBS thing. I misread the newsgroup lists it was going to.

Try that idea, and let us know how it works out.

Ace

Loading...