Re: DialUp Access in MMC
From: Doug Sherman [MVP] (dsherman_at_nospam.tampabay.rr.com)
Date: 07/28/04
- Next message: molsonexpert: "Shadow Copy"
- Previous message: Doug Sherman [MVP]: "Re: DialUp Access in MMC"
- In reply to: Chris Gregurek: "DialUp Access in MMC"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 28 Jul 2004 11:47:32 -0400
Here's the explanation from
http://support.microsoft.com/default.aspx?scid=kb;en-us;304718#25 :
a.. The Dial-in tab that configures Routing and Remote Access dial-in or VPN
access and callback settings is removed when the Administration Tools
package is installed on Windows XP clients.
To manage dial-in properties on the user account, use the remote access
policy administration model. The remote access policy administration model
was introduced in Windows 2000 to address the limitations in the earlier
dial-in account permission model. The remote access policy administration
model uses Windows groups to manage remote access permissions.
Customers who use the recommended administration model, named remote access
policy administration model, can use the Administration package from Windows
XP to manage remote access permission for users in Active Directory.
Settings on the Dial-in tab are not typically used for VPN or wireless
deployments. There are several exceptions. For example, administrators who
deploy dial-up networks may use callback number. In these cases, use
Terminal Services or Remote Desktop to access a Windows 2000-based or a
Windows Server 2003-based computer, or log on to the console of a Windows
2000-based or Windows Server 2003-based computer to manage the Dial-in tab.
The remote access policy administration model has the following benefits:
a.. Detailed administration
Administrators who manage dial-in permission also must have access to the
whole user account. The user account has many more security properties. In
the policy administrative model, a separate group can be created to grant
dial-in permissions, and permissions to manage access to that group can be
granted to a different administrator.
b.. Groups for access control
Most Microsoft Windows programs use groups for access control. Groups
reduce the additional attempt of managing separate permissions network
access. You can use the same groups for controlling access to dial-up, VPN,
wireless network, or file shares.
c.. Precise connection-specific Access Policy control
There are many challenges that are introduced when you are deploying more
than one access technology at the same time. The permissions and the
settings for dial-up, VPN, and wireless technologies may be different. For
example, contractors may be permitted to access wireless networks but may
not be permitted to connect from home by VPN. Wireless may require different
security settings compared to VPN and dial-up connections. Callback settings
may be useful when you are connecting from a local area code, but you may
want to disable callback when the user is connecting from an international
phone number.
You can configure the remote access policy administration model in the
Remote Access Policies node of the Routing and Remote Access snap-in when
the domain is configured in Windows 2000 native mode or later. To remotely
manage the RAS dial-in tab in Active Directory Users or Computers or in
Internet Authentication Server (IAS) from a Windows XP-based computer, use
Terminal Services or Remote Desktop to access a Windows 2000-based or a
Windows Server 2003-based computer. Alternatively, log on to the console of
a Windows 2000-based or a Windows Server 2003-based computer to configure
these settings directly.
a.. Windows XP-based computers that are joined to Windows 2000-based domain
controller domains do not support the enhanced functionality to select
multiple users and to make bulk edits for attributes such as the home folder
or the profile path. The multiple-select functionality is supported in
forests where the schema version is 15 or later--for example, Windows Server
2003 ADDPREP /ForestPrep and /DomainPrep have been run in the Windows
2000-based forest and domain.
"Chris Gregurek" <anonymous@discussions.microsoft.com> wrote in message
news:5d2a01c474b0$10d754b0$a501280a@phx.gbl...
> There isn't one. it was removed in the xp admin pack for
> whatever reason. we found out if you install the 2000
> adminpak first (you'll get an error about compatibility)
> then install the xpadminpak over that you will have the
> tab. You have to do this on a fresh OS install though.
> since you already installed the xp pak it won't work even
> if you uninstall it.
- Next message: molsonexpert: "Shadow Copy"
- Previous message: Doug Sherman [MVP]: "Re: DialUp Access in MMC"
- In reply to: Chris Gregurek: "DialUp Access in MMC"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
