Hi naia,
Your case is a pretty common usage. Basically you may want to configure NR built-in fire wall / ACL rules in either NR Configuration Explorer or NR Web Console to implement (a) and (b) you mentioned.
Here is an example:
Quote:
For example, you have:
1.Users: user1, user2, admin (when nobody sign in to NR, it runs under "Everyone" user)
2.Computers: pc1, pc2, pc3, pc4
3. Subnets: subnet1(pc1, pc2) , subnet2 (pc3, pc4)
Generally, subnet1 and subnet2 are isolated each other, user1 wants to access subnet1, user2 want to access subnet2, however the admin user may want to access all computers cross the subnets.
So need to setup the ACL rules in the Configuration Explorer for each computer:
1. pc1
Everyone: Block All
User1: Firewall On (or off)
admin: Firewall Off
2. pc2
Everyone: Block All
User1: Firewall On (or off)
admin: Firewall Off
3. pc3
Everyone: Block All
User2: Firewall On (or off)
admin: Firewall Off
4. pc4
Everyone: Block All
User2: Firewall On (or off)
admin: Firewall Off
When user1 signed into the NR network from anywhere, he can only see the PC1 and PC2. When he signed out, the NR service is running as "Everyone" user, that has "Block All" permission to those PCs, meaning one cannot access the PCS, nor even ping them. Similar to user2.
Regarding your questions:
1. Yes. You may want to sign in/register at least once to NR server on a new computer, so that the NR client service can cache the server's information. Later on, the service will automatically connect to the server without logging into NE.
2. For users to remotely access those computers, yes, no need to sign in NE on the remote computer, the NR client service can handle everything. For example, user1 want to access his PC (NR client) from his home using laptop, on his PC, no need to sign in NE, but the NR client service is running. User1 needs to sign in from NE from his laptop using NR account so that he gets permission to see his PC. The idea is similar to Windows domain, where a domain user can remote access a computer when he sign in to a Windows and gets granted proper permission.
3. Yes. You can use nrclientcmd tool to register a new computer
Quote:
For example:
nrclientcmd [-d DOMAIN] [-u USERNAME] [-p PASSWORD] [-register]
For more info, please run nrclientcmd /?
Thanks,
KevinZ - NeoRouter team