× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Unless you have some ceiling on # users in your software license, you could
mandate that a different sign-on is to be used for VPN vs. in-the-office.

Depending on your VPN (we just switched from CISCO to Sonic Wall), you can
have a PASSWORD for VPN that is different for different users. How easy is
it to disable there?

I assume in-the-office is from some workstation-id defined by client access
and/or WRKCFGSTS, where you could vary on-off certain work station
definitions, and/or entire clusters on some controller, make an adjustment
to the firewall with respect to which VPN IP addresses are currently allowed
in.

Normal challenge for me is trying to run backup, and other semi-dedicated
tasks, when large numbers of people may sign on whenever they please.

We had a situation where former eemployees left, who had worked in IT & knew
a lot about how to get around some systems, We chhnaged our HQ IP address
(with the ISPL) & then everyone who needed on had to get the new IP (this
was to satisfy some managers), what IT had done was merely to change all IT
passwords, and siable the stuff the former co-workers could get into.

On Sat, 8 Nov 2008 14:13:51 -0500, John Allen wrote
Thanks for the quick reply,

They want this to be real easy thing to do (disable/enable)
because it will be done quite often, don't want to
continually have to go into Active Directory to make the
changes if there is an easier way.

We do not want to disable User profile because they are
still allowed to use System i while in the office, just want
to stop the remote access.

My initial thought was some type of Subfile program that
displays all of the User Profiles and set a flag Allow
Remote Access Y/N.

But once I have the User Profile and the flag value I guess
I could write a program to run as there initial program and
if they are attempting remote access end the job.

Not sure how I can tell if they are coming in remotely
versus locally (in the office)

I was also hoping I did not have to write a program if
someone else already has, or if there is an inexpensive
solution available.

Thanks
For your suggestion about Active Directory, I will have to
see if that is possible solution

John

-----Original Message-----
From: David Wright [mailto:opendave@xxxxxxxxx]
Sent: Saturday, November 08, 2008 12:48 PM
To: Midrange Systems Technical Discussion
Subject: Re: How can I easily enable/disable remote access
by User

What sort of VPN hardware are you using?

Some grant/deny VPN access through Active Directory and some
through
internal user lists.

But if access to the i is the only thing you need to
restrict, couldn't you
just enable/disable user profiles on the i?

On Sat, Nov 8, 2008 at 9:03 AM, John Allen
<jallen@xxxxxxxxxxx> wrote:

We have some employees that access our System i remotely
(through a VPN)

--
This is the Midrange Systems Technical Discussion
(MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options, visit:
http://lists.midrange.com/mailman/listinfo/midrange-l or email:
MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment
to review the archives at http://archive.midrange.com/midrange-l.


--
WOW! Homepage (http://www.wowway.com)


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.