Hey all..
have a new client, who's domain and emails we will be running for them on our w2k3/IIS6 server here at thePlanet. but they've asked that we also add VPN to their package so that they can "log in" to a hard drive area and then have access to files, a message board etc. etc.

this is something we've never "done" before, and I have some questions....for instance, is it possible to allow this client access to only a certain set of folders within their domain root so that they can have access -- but NOT to any other areas? are there any security issues with that access? what might this "cost" the server in terms of performance etc for the rest of the clients on that box?

also, can anyone provide an URL or two that might show us how to provide that service?

Jim

Yes, it's possible to restrict them to a specific area of the filesystem, but your permissions have to be tight. The security risks involved mainly deal with the fact that the remote machine would have direct access to your server as if they were on the same LAN. Like I said, make sure your security is tight. Depending upon how you implement it, one VPN user shouldn't cause too much of a performance impact, but the server does have to encrypt all the data traveling back and forth.

Personally, I wouldn't allow this kind of access to my servers.

I am in agreement with Kyle; this isn't a good idea in my book.
You might want to come up with an alternative and present that idea to your client that does the same thing they want while still being secure.

Historically, this has resulted in a lot of stress for our customers. It's very possible, but I would explore all options first.

Just give FTP access to them. That should give me all the access they require. There are quite a few Free FTP servers for Windows. First being Filezilla (which supports SSL) and ZFTPServer (no idea)