Re: RAS and VPN policies - help

Tech-Archive recommends: Fix windows errors by optimizing your registry


"Michael" <admin*_mperrin*_co*_uk> wrote in message
news:OPgom6wZHHA.3520@xxxxxxxxxxxxxxxxxxxxxxx
(I'm posting this same message here - i've also posted in server security
but it kind of falls under AD as well so hoping more people can help).



Hi,

We have NT users and a VPN server. Each NT user can VPN in if they have
the
'grant dialin' box ticked. We have a VPN policy on the VPN server for
this.
Everything works fine.

A while ago i noticed that any AD user could VPN in by default. The
property
for each user was default to 'control access through remote access
policy'.


So the other day i set a policy that said deny was the default. This works
fine. Now each AD user has to have 'Allow Access' ticked for them to be
allowed to VPN in.


My first qustion is why is it that we have to have two policies - one for
NT
users and one for AD users?

I don' t believe that is accurate.

My second question is on our seperate RAS server we have a similar policy
for NT users. The policy works fine.

However everything i try to do to set up a policy for AD users on our RAS
server does not work. It just won't let an AD user RAS in.

You set ANY user for on of three settings: Allow, Deny, or Control through
the policy.

AD doesn't know they are NT-users, i.e., going to be at an NT station.

My second question is does anyone know why this is and what i can do to
start checking?

There may be a "client OS" setting in the policy but other than that this
should not matter.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)


.

Relevant Pages

  • RE: Sandboxing
    ... the 3Com Embedded Firewall would be extremely useful and enabling (in ... your case) when you look at it in a VPN context. ... This security policy will accomplish quite a few things: ... During the Policy Server installation, ...
    (Focus-IDS)
  • Re: Remote Desktop thru VPN and Network Security
    ... You can use Remote Access Policies to configure exactly what users can ... access via their VPN connection. ... If you create a policy you can then edit ... infection if users are copying files back and forth between computers. ...
    (microsoft.public.security)
  • Re: Remote Desktop thru VPN and Network Security
    ... You can use Remote Access Policies to configure exactly what users can ... access via their VPN connection. ... If you create a policy you can then edit ... infection if users are copying files back and forth between computers. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Remote Desktop thru VPN and Network Security
    ... You can use Remote Access Policies to configure exactly what users can ... access via their VPN connection. ... If you create a policy you can then edit ... infection if users are copying files back and forth between computers. ...
    (microsoft.public.win2000.security)
  • RAS and VPN policies - help
    ... We have NT users and a VPN server. ... We have a VPN policy on the VPN server for this. ... However everything i try to do to set up a policy for AD users on our RAS ...
    (microsoft.public.windows.server.security)