Through the default role we allow all domain users to log on for access to OWA. All of the roles are mapped to Active Directory groups. There are some users that now need to be blocked from remote access. Is there a good way to create a role to block access to the IVE?
When I want someone to be denied access, I put at the top of the role mapping a mapping without any role attributed and checked as a stop rule.
Without any roles attributed, the IVE will return a message like "You are not allowed to sign in".
Flip_pipe's method is a good one. If you want to manage the users yourself, I'd go with his approach. It's fast and clean.
If you want another person in your company to be able to manage who has remote access without giving him or her access to the IVE console, you may want to do the following.
1. Create an AD group for users who can have remote access: "VPNusers"
2. Add only the users who are allowed to use the VPN to that AD group.
3. Change the role mappings on your default role to an AD group membership for the "VPNusers" group.
4. Use the role merging option on the Realm
This method is a bit more granular and would potentially allow you to selectively block or allow VPN Tunneling, OWA, Terminal Services and any other remote access methods you're using.
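An added example, not part of the thread and not IVE code: a simplified Python model of the two role-mapping approaches described above, showing which users end up with no role. The rule semantics (top-down evaluation, merged roles, stop on match, no roles means refused sign-in) are assumed from the replies; "VPNblocked", "TSusers" and the sample users are hypothetical.

```python
# Simplified model of realm role mapping (assumed semantics, not IVE code):
# rules are evaluated top to bottom, roles from every matching rule are merged,
# a matching rule flagged "stop" ends evaluation, and a user who ends up with
# no roles is refused sign-in.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    group: str            # AD group the rule matches on
    roles: frozenset      # roles granted when the rule matches (may be empty)
    stop: bool = False    # stop processing further rules on match

def map_roles(user_groups, rules):
    """Return the merged role set for a user; an empty set means sign-in is refused."""
    granted = set()
    for rule in rules:
        if rule.group in user_groups:
            granted |= rule.roles
            if rule.stop:
                break
    return granted

# Approach 1 (first reply): a role-less stop rule at the top, then the default role.
# "VPNblocked" is a hypothetical group name.
DENY_FIRST = [
    Rule("VPNblocked", frozenset(), stop=True),
    Rule("Domain Users", frozenset({"OWA"})),
]

# Approach 2 (second reply): roles are granted only through membership groups.
# "VPNusers" comes from the thread; "TSusers" is hypothetical.
ALLOW_LIST = [
    Rule("VPNusers", frozenset({"OWA", "VPN Tunneling"})),
    Rule("TSusers", frozenset({"Terminal Services"})),
]

# Constructed sample users and their AD groups.
USERS = {
    "alice": {"Domain Users", "VPNusers"},
    "bob": {"Domain Users", "VPNblocked"},
    "carol": {"Domain Users"},                      # new hire, in no special group
    "dave": {"Domain Users", "VPNusers", "TSusers"},
}

def report(rules):
    return {u: sorted(map_roles(g, rules)) for u, g in USERS.items()}

if __name__ == "__main__":
    for name, rules in (("deny-first", DENY_FIRST), ("allow-list", ALLOW_LIST)):
        for user, roles in report(rules).items():
            print(f"{name:10} {user:6} {roles or 'You are not allowed to sign in'}")
```

In this model the stop-rule approach still grants OWA to any domain user nobody has added to the blocked group, while the group-membership approach grants nothing until someone adds the user to a group.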