ENS policies

[gosicnarf]

Hello,

I set a particular group to "Users can access this service" in the policies tab for ENS. "The User may be assumed".

I also set the Default Rights(system policies) = are ignored

so only those listed "is granted to" have access to it?!

but still, it seems all other users not listed in the group can access the service specially the port i allowed...

did i made it right? i'm trying to avoid using the WGIC so i only need to set the wingate server...

please help...

Thanks...

[ChrisH]

Hello,

Do you have other groups or users listed in the ENS policy - e.g. Everyone? If you do then those policies may indirectly grant rights to the particular port. WG looks at all policies before determining whether or not to grant access. Perhaps you may need to specifically not allow that port in the other groups. If this doesn't work for you then we need to know more information. What is your version of WG? Network setup - eg is WG in a domain, standalone, 1 or 2 network cards etc. Let us know.

[gosicnarf]

No, i only have one group listed on it...

How can i specify the rest of the group which are not authorized?

My wingate version is 5.2.3
PC 2 Lan cards
No domain

[ChrisH]

OK first you should upgrade to WG ver 6.11. No cost to do so. This will give you all patches and bug fixes since 5.2.3. and the same functionality of 5.2.3(meaning you won't have new features of WG ver 6 - such as IMAP4 server). Try that and see what happens.

[gosicnarf]

still the same...

Adding a TCP Mapping Service works on a particular though...

But how can i specify a range of ports e.g. 1024-4096 to be restricted on a certain group alone?

This is what i'm trying to achieve, i was thinkin that ENS only has this option.. right?!

[ChrisH]

OK. I stand to be corrected (and please do) but I believe the ENS service applies across the board to all users/machines at a level lower than the general policies. So if you want to dictate which user or group can have access to a range of ports using NAT then I would suggest in System policies to apply the following criteria to the Everyone group under the Advanced settings: (but before you do make a backup of WG registry settings- Ver 6.x go to Start ->All Programs->WinGate->Advanced Options->Registry -> click on Export Settings and save somewhere)

Filter1
This criterion is NOT met if Server port number greater than 1024
This criterion is NOT met if Server port number less than 4096

Then in ENS service create a policy for each user or group, with authentication level required, that you want to have access to all ports and set the Default rights (System policies) to may be used instead. That way all other users still can use NAT- just not those ports. Is that what you were trying to achieve?