Ask the Expert

What tools can limit users' access to applications and network resources?

I have SharePoint sites that are being accessed by the public (vendors, consultants, etc.). They require an account in Active Directory for authentication. Can you suggest how to set the accounts so that on-site users cannot log in to the network?

It almost sounds like an SSL VPN would do the trick. An SSL VPN creates a secure tunnel over an HTTP connection. Unlike an IPsec VPN, which is a hardware product configured on a specialized router, an SSL VPN is a Web-based application.

Another key difference between the two VPNs is that an IPsec VPN connects a client, or workstation, to a network. An SSL VPN connects an individual user to an application. The SSL VPN can be finely tuned to only allow outside vendors and consultants access to specific applications, rather than the whole network.

Two well-known vendors of SSL VPNs are Juniper Networks Inc. and Aventail Corp.

Alternatively, you could set the group policy objects (GPOs) within Active Directory for outsiders logging in. GPOs can be set to limit specific users' access to network resources, while allowing access to specific files containing the applications they need.

Either approach -- the SSL VPN or setting the GPOs -- can meet your limited-access requirements.
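
One way to check that a GPO of this kind has taken effect on a machine, as an added example that is not part of the original answer. It assumes the outside accounts are collected in a hypothetical group named `CONTOSO\External-SharePoint-Users` and that the GPO assigns that group the "Deny log on locally" and "Deny log on through Remote Desktop Services" user rights.

```powershell
# Added example, not from the original answer.
# Assumption: external accounts are members of this (hypothetical) group.
param(
    [string]$Group = 'CONTOSO\External-SharePoint-Users'
)

# User rights that block sign-in at the console or over Remote Desktop.
$denyRights = @{
    SeDenyInteractiveLogonRight       = 'Deny log on locally'
    SeDenyRemoteInteractiveLogonRight = 'Deny log on through Remote Desktop Services'
}

# Resolve the group name to its SID. secedit normally writes domain
# principals in the exported policy as "*S-1-5-21-...".
$sid = ([System.Security.Principal.NTAccount]$Group).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Export this machine's effective user rights assignment (run elevated).
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# Parse lines of the form "SeSomeRight = *SID,*SID,Name".
$assigned = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
        $assigned[$Matches[1]] = $Matches[2].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') }
    }
}
Remove-Item $cfg

# Report, per right, whether the external group is actually denied.
foreach ($right in $denyRights.Keys) {
    [pscustomobject]@{
        Right  = $right
        Policy = $denyRights[$right]
        Group  = $Group
        Denied = ($assigned[$right] -contains $sid)
    }
}
```

Run it from an elevated prompt on a workstation that is in scope of the GPO; `Denied` should be `True` for both rights.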

This was first published in December 2006