Windows 2000 and VPN

I have a number of notebook users accessing my network using a VPN connection with Checkpoint Firewall 1 and Checkpoint SecuRemote client software. Everything works well for Windows NT 4 based notebooks but Windows 2000 clients cannot map or browse network drives unless they have the allow dialin flag set on their user accounts AND they are part of the domain administrators group. The W2K clients can do everything else (ping machines on the network, net view and list machines on the network, view machines on the network using network neighborhood etc).

I am running a mixed mode W2K domain.

Can anyone tell me what permissions these W2K clients need and how I can get these permissions assigned to a dial-in users group?

 

jcrompton

What OS are the remotes calling into? NT or W2K?

If it is W2K and probably NT you should install the NETBEUI protocol on both ends! This will allow browsing of the network!

Mike

 

If they're dialing into a Windows 2000 server running RRAS check out your Remote Access Policy. You may be limiting your users' abilities in the policy. This would only affect Windows 2000/XP users.

 

Thanks for the input. Some clarification on the situation:

1. We are running a mixed mode Windows 2000 and NT domain as a child of a W2K root domain. The PDC emulator is a W2K DC.

2. W2K remote clients can access the network, see all the PCs and servers on the network, access the intranet server with a web browser but they cannot map network drives or access mapped network drives UNLESS they are in the domain administrators group (not good).

3. NT remote clients have no problem accessing or mapping network drives.

4. The hosts and lmhosts files on all remote clients are identical.

5. We are not running NETBEUI but I will give it a go

6. We do not run any RAS server or VPN server so I am not convinced that remote access policies apply here.

J

 

Ok, my bad...I re-read your original post where you stated using Checkpoint VPN software. I was thinking for some reason you were utilizing the Microsoft implementation of VPN connectivity. I'm not familiar with Checkpoint's products but on their site it looks as if there are access policies defined in their products so I wouldn't rule that out.

Since adding the users to the Domain Admins groups grants them access, this tells me the problem may lie more in the users accounts rather than the OS. Perhaps these users simply don't have the appropriate permissions to these shares defined at the user and/or group account level.

 

Mmmmmmm

Doesn't explain why the same user on Windows NT can browse mapped drives OK and when using W2K cannot access the self same mapped drives.

It has to be a permissions thing but I cannot for the life of me see where.

J