Cecelia, There are multiple ways to organize the rules depending on whether you
want to start from a permissive or a restrictive stance. (eg. reject all except for those specifically allowed, or allow all except for those specifically rejected). Here is one way to only restrict the dials into a specific guest and allo w all dials to other guests. Move the ACCEPT * DIAL from the override file to the default file. Then in the user rules for the specific guest you want to restrict access to, code ACCEPTs for what is permitted followed b y a REJECT * DIAL. Something you need to be aware of is that the DIAL command is issued before logon, so you're not authenticating a person, you're authenticatin g a terminal address. Use care to insure that this is sufficient for the security you're trying to implement. Brian Nielsen On Wed, 19 Jul 2006 14:01:35 -0000, Dusha, Cecelia Ms. WHS/ITMD <[EMAIL PROTECTED]> wrote: >Hello, > >I have VM:Secure as our external security manager. I need to restrict >access to one of our level 2 systems. I thought the DIAL command could be >used to restrict access. > >In the VMXRPI CONFIG file I have the following coded: > VMXTRAP DIAL >CP has been build with this. > >I have the rule 'ACCEPT * DIAL' in the OVERRIDE file. I know this would >need to be removed. > >What I don't know is how to code the rule to permit one to DIAL for a >specific level 2 machine. Is it coded for the userid itself? Once this is >implemented, will it prompt me for my userid and password when I invoke the >DIAL vmuserid command? > >Please advice. > >Thank you. > >Cecelia Dusha >======================== ========================= ========================
