File Sharing on W2K VPN

[ajahrens]

Intranet:

DC:
W2K Server
domain controller and file server configured with active directory and routing and remote access, DNS and DHCP. Two file shares established A and B. Permissions on A set to full for A, Permissions on B share set to allow full sharing for B, full sharing for Domain Admins and full sharing for Enterprise Admins.
VPNSRVR:
W2K Server
Multihomed. One interface to public network, one to private
network. Relay Agent configured to DC.
Inside Client:
W2K Professional
4 users, Administrator, A, B, J. A has full access to A share, no access on B share. B has no access to A, full access to B. Administrator has no access to A, full access to B. J can access neither.
SO FAR SO GOOD.
VPN:
W2K Pro
OutClient has only an administrator account and a Virtual Private Connection interface in Network Neighborhood. J cannot dial in (access denied under RRAS). Administrator and A and B can all dial in.
Now stuff starts. All cannot access A (I want A to access A) and all can access B.

Any ideas as to how I configure the VPN to limit access to the shares appropriately?