Re: RAS and VPN policies - help

---

• From: "Michael" <admin*_mperrin*_co*_uk>
• Date: Mon, 19 Mar 2007 17:09:40 -0000

---

For anyone who wants to know i sorted this.

I noticed the RAS server was on the old NT domain so stuck on AD domain and
everything works.


"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:O$06mDxZHHA.4832@xxxxxxxxxxxxxxxxxxxxxxx

"Michael" <admin*_mperrin*_co*_uk> wrote in message
news:OPgom6wZHHA.3520@xxxxxxxxxxxxxxxxxxxxxxx

(I'm posting this same message here - i've also posted in server security
but it kind of falls under AD as well so hoping more people can help).



Hi,

We have NT users and a VPN server. Each NT user can VPN in if they have
the
'grant dialin' box ticked. We have a VPN policy on the VPN server for
this.
Everything works fine.

A while ago i noticed that any AD user could VPN in by default. The
property
for each user was default to 'control access through remote access
policy'.

So the other day i set a policy that said deny was the default. This
works
fine. Now each AD user has to have 'Allow Access' ticked for them to be
allowed to VPN in.


My first qustion is why is it that we have to have two policies - one for
NT
users and one for AD users?

I don' t believe that is accurate.

My second question is on our seperate RAS server we have a similar policy
for NT users. The policy works fine.

However everything i try to do to set up a policy for AD users on our RAS
server does not work. It just won't let an AD user RAS in.

You set ANY user for on of three settings: Allow, Deny, or Control
through
the policy.

AD doesn't know they are NT-users, i.e., going to be at an NT station.

My second question is does anyone know why this is and what i can do to
start checking?

There may be a "client OS" setting in the policy but other than that this
should not matter.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

.

---

• References:
  • RAS and VPN policies - help
    • From: Michael
  • Re: RAS and VPN policies - help
    • From: Herb Martin

• Prev by Date: Re: question on sites and WINS
• Next by Date: Re: Disk sharing from a "foreign" domain
• Previous by thread: Re: RAS and VPN policies - help
• Next by thread: Re: user wants to login to several computers simultaneously
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: New installed VPN Problem: user cant autheticate ... important for RAS. ... > the RAS and IAS server group? ... >> Networking, Internet, Routing, VPN Troubleshooting on ... >> for VPN and dial-in. ... (microsoft.public.windows.server.networking) RAS und VPN ... ich habe eine Frage zu RAS und VPN. ... VPN eingerichtet und kann auch im internen Netzwerk eine VPN Verbindung mit ... einem Client zu dem Server aufbauen. ... (microsoft.public.de.german.windows.server.networking) L2TP/IPSEC - error 678 ... for both VPN and wireless connections. ... RAS server has a public IP ... When I attempt the L2TP connection it behaves as if it were a firewall ... (microsoft.public.win2000.ras_routing) Setting up a VPN through a USR9003 router ... WXP clients (users with RAS enabled logins) can dial in via modem and access ... A WXP client set up new VPN connection to connect via PPTP to the US ... It basically involves the connection of a VPN client to a VPN server ... (microsoft.public.isa.vpn) RAS and VPN policies - help ... We have NT users and a VPN server. ... We have a VPN policy on the VPN server for this. ... However everything i try to do to set up a policy for AD users on our RAS ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2007-03