<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><b>Problem I want to solve:</b></p>
<p>We have 3 sites: A, B, and C.</p>
<p>Network admins should have access to all three. (This works
as-is.)</p>
<p>Desktop support should only have access to their site. (Tech A to
site A, Tech B to site B, Tech C to site C).</p>
<p><b>How I think I can do it:</b></p>
<p><b>Working with keys?</b></p>
<blockquote>
<p>Admin's public key will be on all the client machines, and
thus, the client machines will always allow them in. But,
technician's public key will only be on the client machines that
they are allowed to manage.</p>
<p>Problem: I cannot find any configs that would support this.</p>
</blockquote>
<p><b>Working with routes and subnetting?</b></p>
<blockquote>
<p>Admin would have the routes to get to all machines, techs would
only have routes to get to their local subnet.</p>
<p>Problem: 1) Mesh routing defeats this. 2) Technicians can easily
change their subnet.</p>
</blockquote>
<p><b>Firewalls on the client machines</b></p>
<blockquote>
<p>Client machines would block traffic from all other subnets
except the admin subnet and the local subnet.</p>
<p>Problem: I cannot control this on a per-technician basis. It's
an all or nothing thing.</p>
</blockquote>
<p>How can I do this? (Looking at the configs, I think it's not
possible... or at least not possible in the way I am thinking about
it). I am open to suggestions / alternate tactics.</p>
<div class="moz-signature">-- <br>
<!-- EMAIL SIGNATURE STARTS HERE -->
<br>
<table style="background: none; border-width: 0px; border: 0px;
margin: 0; padding: 0;" border="0" cellspacing="0"
cellpadding="0">
<tbody>
<tr>
<td style="padding-top: 0; padding-bottom: 0; padding-left:
0; padding-right: 7px; border-top: 0; border-bottom: 0;
border-left: 0; border-right: solid 3px #000000"
valign="middle"></td>
<td style="padding-top: 0; padding-bottom: 0; padding-left:
12px; padding-right: 0;">
<table style="background: none; border-width: 0px; border:
0px; margin: 0; padding: 0;" border="0" cellspacing="0"
cellpadding="0">
<tbody>
<tr>
<td colspan="2" style="padding-bottom: 5px; color:
#000000; font-size: 18px; font-family: Arial,
Helvetica, sans-serif;">Michael Munger, dCAP,
MCPS, MCNPS, MBSS</td>
</tr>
<tr>
<td colspan="2" style="color: #333333; font-size:
14px; font-family: Arial, Helvetica, sans-serif;"><strong>Microsoft
Certified Professional</strong></td>
</tr>
<tr>
<td colspan="2" style="color: #333333; font-size:
14px; font-family: Arial, Helvetica, sans-serif;"><strong>Microsoft
Certified Small Business Specialist</strong></td>
</tr>
<tr>
<td colspan="2" style="color: #333333; font-size:
14px; font-family: Arial, Helvetica, sans-serif;"><strong>Digium
Certified Asterisk Professional</strong></td>
</tr>
<tr>
<td colspan="2" style="color: #333333; font-size:
14px; font-family: Arial, Helvetica, sans-serif;"><strong>High
Powered Help, Inc.</strong></td>
</tr>
<tr>
<td style="vertical-align: top; width: 20px; color:
#000000; font-size: 14px; font-family: Arial,
Helvetica, sans-serif;" width="20" valign="top">p:</td>
<td style="vertical-align: top; color: #333333;
font-size: 14px; font-family: Arial, Helvetica,
sans-serif;" valign="top">678-905-8569</td>
</tr>
<tr>
<td style="vertical-align: top; width: 20px; color:
#000000; font-size: 14px; font-family: Arial,
Helvetica, sans-serif;" width="20" valign="top">w:</td>
<td style="vertical-align: top; color: #333333;
font-size: 14px; font-family: Arial, Helvetica,
sans-serif;" valign="top"><a href="https://hph.io"
style=" color: #1da1db; text-decoration: none;
font-weight: normal; font-size: 14px;">hph.io</a> <span
style="color: #000000;">e: </span><a
href="mailto:mj@hph.io" style="color: #1da1db;
text-decoration: none; font-weight: normal;
font-size: 14px;">mj@hph.io</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<!-- EMAIL SIGNATURE ENDS HERE --></td>
</tr>
</tbody>
</table>
</div>
</body>
</html>