15,000 student accounts on active directory, single domain, Win2003.
3,000 staff accounts.
Staff should access VPN and Wireless.
Students should access Wireless only.
Cisco VPN 3000 Concentrator.
Cisco Wireless Access Points, LEAP, (going to migrate to Aruba in the future).
On Active Directory, option I need to keep option "Allow dial-in" on Student accounts set to "Allow". That way students can access wireless. The problem is that would let users launch a Cisco VPN client and connect to our corporate network. I want to restrict that for students.
How can I solve this situation ?