ID Number: Q80860
2.10
OS/2
Summary:
Restricting remote users to specified networks is a security feature
that is not well known. This article describes security features made
possible through the RASLANNETS entry in the LANMAN.INI file.
More Information:
The example below illustrates why an administrator may want to
restrict remote users to a specific server network.
Example
-------
A development group is using Remote Access Service (RAS) to support
split-site development in the following manner:
---------------------
|RAS, SQL, LM server| \\SERVERNAME
---------------------
||
----Loopback----||---------------Corp Net-------------
where "servername" is a LAN Manager and a SQL Server that the group
is using for tracking bugs and for file sharing with a codeveloper.
The codeveloper uses RAS that runs on the server to access SQL Server
and the files on the server. The server is configured to operate over
the following two networks:
Loopback network
Corporate network
The RASLANNET LANMAN.INI parameter is set so that the developer can
access resources only in the loopback network. This parameter enables
the developer to copy files to \\SERVERNAME and access the SQL RAID
database; however, it prevents the developer from using resources on
the corporate network if he or she accesses the network from a remote
location.
If it becomes necessary for the developer to access more machines, the
loopback network can be changed to be a small LAN; it is not necessary
to use a loopback network, and place all other machines on that
network.
Additional reference words: 2.10 RASLANNETS security