Prev: Remote App in 2008 R2
Next: Help needed with IIS 7
From: Lee Harris at Alight Lee Harris at on 10 May 2010 09:58
The setup:

-A Win2003 server at a hosting site, configured for VPN access.

-The Win2003 server has 2 users configured, e.g. Bill and Fred. Each has
the 'Allow access' selection for "Remote Access Permission (Dial-in or VPN)"
on their individual properties page.

-The Win2003 server has 3 shared folders, with share names "Everybody",
"Bills Folder", and "Freds Folder", as implied, the 'Everyone' group has read
access via the 'Permissions' settings of the shared directory properties.
Bill and Fred each have full control via the Permissions settings
individually to their respective shared folders.

-3 different client computers attempt to access these shared folders via VPN
setup: John (Win XP), Mary (Vista), and Louise (Windows 7). Note that the
individual login/pws for these clients DO NOT EXIST on the Win2003 server. In
each case, they connect to the Win2003 server using either Bill or Fred's
login/pw as setup via Remote Desktop directly on the Win2003 server.

Observed Behaviors:

-All 3 client PC users can successfully connect to the Win2003 server via
the VPN, using either Bill or Fred login/pw for the VPN, and when prompted in
Windows Explorer, and all 3 shared folders appear in their Windows Explorer
under the 'Network' folder icon. In addition, all 3 can double-click and view
the contents of the "Everybody" folder.

-HOWEVER, only the XP and Windows7 clients can successfully double-click on
"Bills Folder" or "Freds Folder" (depending on which was used to log into the
VPN and when prompted by Win Explorer. The Vista client ALWAYS gets an
access denied message when attempting to access either "Bills Folder" or
"Freds Folder".

-IF, however, the Windows2003 server is configured with a user that matches
the Vista user's Vista PC login, and that user is given access to either
"Bills Folder" or "Freds Folder", then the Vista client CAN view the folder
contents.

Reviewing the Win2003 servers Security log in its Event View shows that the
Vista client, compared to the other two, seems to only use the Vista login
credentials when the attempt to access the shared folder is made, whereas the
other two clients seem to use the credentials supplied in the dialog that
appears when the first shared access attempt is made.

Does this seem like an accurate assessment of what's going on, and, if so
and more importantly, is there any way to avoid having to create a matching
user on the Win2003 server for each Vista client?



Thanks enormously for any insights and suggestions...
 | 
Pages: 1
Prev: Remote App in 2008 R2
Next: Help needed with IIS 7