Re: RAS Policy on Win 2000 AD

From: Michael D. Ober (obermd-._at_.-alum-mit-edu-nospam)
Date: 05/13/04 

Date: Thu, 13 May 2004 11:45:21 -0600

Thanks, I downloaded this document and started reading it. After a couple
of pages, I realized that this didn't answer my actual question of how to
use AD Security Groups to control remote access, so I went back to the IAS
MMC interface and started poking around the policies. I discoverd a policy
option that uses AD Security Group membership to permit or deny access.
This is the match I needed. Created a new security group with my remote
users as members and then configured both my IAS servers to use this group
to permit. Tested with one of our remote users and everything worked
perfectly. Made the same change to my backup IAS server.

Mike.

"Steven L Umbach" <sumbach@N0spam.ameritech.net> wrote in message
news:eJPmBPHOEHA.556@tk2msftngp13.phx.gbl...
> Hi Mike.
>
> I believe the IAS server needs to be a member of the domain in which case
> you create the security group in Active Directory Users and Computers and
> then use that group in your Remore Access Policy on the IAS server by
> selecting add and then Windows groups [of course you need to add
appropriate
> users and maybe computers to the group]. The link below to an excellent
> white paper from MS on 802.1X deployment in a lab may be helpful as it
goes
> into detail about what you are asking about in a step by step
shion. ---
> Steve
>
>
http://www.microsoft.com/downloads/details.aspx?FamilyID=0f7fa9a2-e113-415b-b2a9-b6a3d64c48f5&DisplayLang=en
> http://tinyurl.com/vz3l -- same link in case of wrap
>
> "Michael D. Ober" <obermd-.@.-alum-mit-edu-nospam> wrote in message
> news:OY9mOnDOEHA.3012@tk2msftngp13.phx.gbl...
> > I have an IAS server working as a Radius server that is registered in
AD.
> > How do I create a Security Group that has "Dial-In" access and then
> publish
> > this group to my IAS Server?
> >
> > Thanks,
> > Mike Ober.
> >
> >
>
>

Relevant Pages

  • Re: RAS Policy on Win 2000 AD
    ... believe where you edit the Remote Access Policy "specify conditions to match" on the ... > use AD Security Groups to control remote access, so I went back to the IAS ... > option that uses AD Security Group membership to permit or deny access. ... Made the same change to my backup IAS server. ...
    (microsoft.public.win2000.active_directory)
  • Re: RAS Policy on Win 2000 AD
    ... believe where you edit the Remote Access Policy "specify conditions to match" on the ... > use AD Security Groups to control remote access, so I went back to the IAS ... > option that uses AD Security Group membership to permit or deny access. ... Made the same change to my backup IAS server. ...
    (microsoft.public.win2000.ras_routing)
  • Re: RAS Policy on Win 2000 AD
    ... believe where you edit the Remote Access Policy "specify conditions to match" on the ... > use AD Security Groups to control remote access, so I went back to the IAS ... > option that uses AD Security Group membership to permit or deny access. ... Made the same change to my backup IAS server. ...
    (microsoft.public.win2000.security)
  • Re: RAS Policy on Win 2000 AD
    ... option that uses AD Security Group membership to permit or deny access. ... Made the same change to my backup IAS server. ... > Hi Mike. ...
    (microsoft.public.win2000.security)
  • Re: RAS Policy on Win 2000 AD
    ... option that uses AD Security Group membership to permit or deny access. ... Made the same change to my backup IAS server. ... > Hi Mike. ...
    (microsoft.public.win2000.active_directory)