From: mike-newsgroup@-DELETETHISPART-.upcraft.com   
      
   Bryan Anderson wrote:   
   > This is the setup I have:   
   >   
   > My Laptop (Goofy) has three partitions, one of which is shared on my   
   > XP Home network.   
   >   
   > My Desktop 1 (Mickey) has four partitions, two of which are shared on   
   > the XP Home network.   
   >   
   > My Desktop 2 (Minnie) has three partitions, two of which are shared on   
   > the XP Home network.   
   >   
   > My friend has in his house, his laptop running XP Home.   
   >   
   > I have set up Desktop 1 (Mickey) to run as the VPN server as I have a   
   > static IP address. No major problems there, and my friend can log in,   
   > but he can see all the shares (ie, both shared partitions on Mickey,   
   > both shared partitions on Minnie and also my shared partition on   
   > Goofy).   
   >   
   > How do I restrict what he can see/access via VPN? I only want to give   
   > him access to one partition on Mickey and nothing else, but I do want   
   > all three of my PC's to be able to access all the shares on each   
   > other.   
   >   
   > As a total newbie to VPN, any idiots guides would be most welcome.   
   >   
   > Many thanks,   
   >   
      
   Windows XP Home has very little security features.  It is basically all   
   or nothing.  This is basically one of the major differences between the   
   XP Home and Pro editions.   
      
   You can hide certain shares somewhat by using a $ character as the last   
   part of the share name.  This restricts the share from showing up in the   
   browse list so they will need to know what the share is called to   
   connect to it manually.   
      
   You didn't mention what you are using to create your VPN so I don't know   
   if there is any way to restrict the internal IP's that a client can   
   connect to.  Generally if this is possible on a VPN setup you would   
   setup firewall rules on the incoming VPN connection to only allow VPN   
   clients to connect to certain IPs in the internal network and have the   
   rest blocked by a filter.   
      
   I didn't think that XP Home has the Incoming connection feature (PPTP)   
   in the network connections settings but if it does and that is what you   
   are using you might be able to change the properties in the connection   
   and remove the check box for TCP/IP network properties for "Allow   
   callers to access my local area network" to restrict them to only   
   connecting to the VPN end point computer.  As far as I know this is the   
   only level of restriction you can set on the XP Incoming connections VPN   
   feature.   
      
      
   --   
   WARNING!  Email address has been altered for spam resistance.   
   Please remove the -deletethispart-. section before replying directly.   
   Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)