Re: RRAS 2003 default policies - what are they good for ????

---

• From: "Bill Grant" <not.available@online>
• Date: Sun, 6 Nov 2005 10:33:25 +1100

---

Default policies are usually pretty basic. From my experience, the
default remote access policy lets a Microsoft client connect. It does all I
need it to do in a simple test setup. If you want to apply restrictions, you
need to set up your own policies. See

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/fc353fbb-4df4-4b36-b14a-20cbbad43494.mspx


Armin Linder wrote:
> After I have installed the RRAS server, I find two predefined
> policies:
> "Connection to Microsoft Routing and Remote Access server"
>
> Ok, great description, really. This means that I may use this server
> by crossing it and accessing my LAN, or does it mean that I may
> access this server (for admin purposes, for instance ...)?
>
> Looking into the policy, it contains a deny rule, condition:
> MS-RAS_VENDOR="^311$"
>
> I found no documentations anywhere about MS-RAS-VENDOR, or the quite
> strange format of the number.
>
> Looking deeper into the policy, in the IP tab, I find an input packet
> filter (user IP/user mask -- any), but no output packet filter.
> Strange...
> "Connections to other access servers"
>
> What the heck are "other access servers" (assuming I have only one
> server running RRAs)?
>
> Again, looking into the policy, I find a deny rule
> "Day-and-time-restrictions", value is "Mo -- So, 00:00-00:00). So I'd
> read that as deny anyone access any time.
>
> Doesn't make any sense either, does it? And this time, on the IP tab,
> there are no input or output filters.
>
> Who can clarify, what the default policies are about?
>
> Thanks, Armin


.

---

• References:
  • RRAS 2003 default policies - what are they good for ????
    • From: Armin Linder

• Prev by Date: RRAS 2003 default policies - what are they good for ????
• Next by Date: Re: Urgent VPN Server with l2tp/ipsec help!
• Previous by thread: RRAS 2003 default policies - what are they good for ????
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Move W2K3 server to its own OU seperate from SBS (MyBusiness) OU ... I would like to filter these two ... policies from inheriting the default domain policies of the SBS server. ... Policy it is because I cannot manage it from the local machine. ... (microsoft.public.windows.server.sbs) Re: Move W2K3 server to its own OU seperate from SBS (MyBusiness) OU ... OU and move the member server to so that it does not inherit it's GPO from ... policies from inheriting the default domain policies of the SBS ... section of the default domain policy. ... In direct answer to your question, you would need to filter this ... (microsoft.public.windows.server.sbs) Re: SBS DCOM ... The doamin policies cahnged, but the local policies of the ... steps to reset the group policy objects to default, ... there are only 9 default group policies on the SBS server. ... Small Business Server Auditing Policy ... (microsoft.public.windows.server.sbs) Re: Move W2K3 server to its own OU seperate from SBS (MyBusiness) OU ... policies from inheriting the default domain policies of the SBS ... you would add the server$ account in the "security filtering" ... section of the default domain policy. ... (microsoft.public.windows.server.sbs) Re: How to allow users to create groups and shares ... Add the user/group to the Computer configuration, windows settings, security settings, Local policies, "Allow logon locally" in the Default domain controllers policy and on a existing or new created policy for the member servers. ... Filtering: Not Applied ... check with GPMC on the server or from a client the policy settings. ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)