From: Larry Struckmeyer[SBS-MVP] on
Seems straightforward to me.... the bulk of the access will be site to site.
If you aren't using RWW for anything else, give the boss and the manager
RWW rights and no one else, and restrict the VPN RDP access to the ip of
the two routers.

RWW is MUCH more secure outside the secure tunnel anyway, unless you give
a mobile VPN client to the boss, but then he has to be using his own computer.
Make the boss and the manager members of the RWW group, forward the RWW ports
from the router to the SBS.

I am not familiar with those routers, but there is also the possibility that
you could use selective access at the router level if the use is not within
the tunnel.

The Boss:
"Knock Knock" on the door of the router at the office from somewhere on the
wild wild internet.

The router:
"Who's there"

"The Boss"

"What is your secret handshake?"

(gives secret handshake)

"Enter Boss. I see by your ticket you wish to be taken down the corridor
to the SBS room to sign on to (Pick one) RWW or TS"

"Yep"

"Proceed at the speed of electrons"

"Thanks, I shall"


-Larry
-Please post the resolution to your issue so others may benefit.
-Get Your SBS Health Check at www.sbsbpa.com


> Thank you Sullivan and Larry.
> Here is the situation. We have two sites and 8 users. The two sites are
> site-to-site VPN using Draytek2820 routers. The boss and another manager
> need to be able to login to TS from Remote Desktop Connection from
> anywhere (internet) but other users are allowed to Remote Desktop
> Connection to TS only from within two sites. How to achieve this. What
> permission need to be set on SBS03 or TS. He doesn't want to use RWW
> unless there is no workaround. Thank you.
> "Larry Struckmeyer[SBS-MVP]" wrote:
>
>> Also:
>>
>> Please note that this venue is due to be closed in a few days/weeks
>> and you will get much more attention in the new SBS Forum hosted by
>> MS at the following location.
>>
>> http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/threads
>>
>> You can either use your web browser, or if you prefer to use your
>> existing (or different) nntp news reader you can use one of the
>> official MS bridge applications, or the combined one on codeplex.com
>>
>> Official MS Bridge - Note two required.
>> http://connect.microsoft.com/MicrosoftForums/
>> Codeplex nntp bridge - only one required.
>> http://communitybridge.codeplex.com/