Solved

how to enable dial in access for multiple users in active directory

Posted on 2006-11-19
Last Modified: 2008-01-09
Ok I have a server running Server 2003, I have just finished configuring it for users to dial in and authenticate.  My problem is that I have a lot of users already added to active directory, and instead of having to go one by one into their properties and click the dial in tab and tell it allow access, I would like to know if it is possible to allow access to all the users at once, maybe via a command line or something.

Can anyone out there help me?  Thanks
Question by:stangrrrr2
9 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17976253
You should be able to allow all users access by changing the RRAS policy. To do so, open the RRAS (Routing and Remote Management Service) management console, expand your server name, click on Remote Access Policies, in the right-hand window right-click on "connections to Microsoft Routing and Remote Access Server" and choose Properties, and at the bottom of the 'page' select "Grant Remote Access Permission". Leaving it at the default "deny..." requires individually changing each account.
However, the default on a user profile is "control access through Remote Access Policy". If this has been changed to "deny access", I think it will override the policy change.
0
 

Author Comment

by:stangrrrr2
ID: 17976571
Is that still applicable if we're using IAS?  The control access through Remote Access Policy selection is greyed out because I have not configured Routing and Remote Access under that snap-in for fear of it making changes to what I have done so far.  I'm still wet behind the ears with Server 03 and I'm real happy to have it working correctly so far.

I have been trying to make the changes by using admodify.net, but after I make the change to allow on the dial-in tab and click go, the changes don't stick.  There are no errors in the .xml log file it creates and it seems like it thinks it has worked correctly, but to get back on track, can I use the method listed above without messing up the configuration in IAS?
0
 

Author Comment

by:stangrrrr2
ID: 17976624
The policy you mentioned reminded me that I had seen it under the IAS snap-in and I can edit the same policy there (same by name at least, I don't know if it changes the same option or options), but it does not change the settings on the accounts already in Active Directory.  I prefer to enable and disable access through the dial-in tab as I think that will make it the easiest on me when I have to disable access for the accounts that get delinquent on a month-by-month basis.

I am really wanting to be able to make it as quick and easy as possible, as I have one more server that I will be setting up for dial-up access with about 2000 users on it, and once each month I have to disable accounts that do not pay, and if there is any way I could make it quick and/or automated, that's what I'm after.  This server only has about 700 users and I am using this one as "practice" so I can set up the other server as quickly as possible.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17976666
Hi stangrrrr2. You are right you should get the same results using the same policy in IAS. Basically setting up IAS allows RRAS to "pass the buck" to it.
I'm sure some scripting fellow could create a way for you to efficiently make the "allow access" change, but I haven't seen any utilities to do so. Also there is no group policy allowing you to control that. You can create a user template which you could use for future users you add, but it doesn't help you now. The only suggestion I could make is if most of your users are allowed access, enable the policy, and then manually select those you want to deny access.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 1500 total points
ID: 17976711
Seems it can be scripted but I can't seem to find a clean simple version suitable for your purpose. If you would like to have a look 3/5th of the way down the page on this link has information pertaining to doing so with a couple of scripts. The first one is actually from a Microsoft site and is quoted on a dozen different sites:
http://eggheadcafe.com/ng/microsoft.public.windows.server.general/post353724.asp

This may be of some help too. From MS site ( http://www.microsoft.com/technet/itsolutions/network/ias/iasfaq.mspx#EOBAC )
"IAS in Windows Server 2003 allows you to ignore the dial-in properties of user and computer accounts during connection attempt processing. To enable this feature, set the Ignore-User-Dialin-Properties RADIUS attribute to True. For more information, see"; http://technet2.microsoft.com/WindowsServer/en/library/2a041150-42f9-4a60-ab18-6de8ab231ee71033.mspx?mfr=true
0
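An added example, not part of the original thread and not one of the scripts linked above: a PowerShell sketch of the bulk change the question asks for, which sets the dial-in tab's Allow/Deny value through the `msNPAllowDialin` user attribute and denies accounts named in a monthly delinquent list. It assumes the ActiveDirectory PowerShell module is available, that the server reads dial-in permission from `msNPAllowDialin`, and that subscribers live in one OU; the parameter names, OU path and list file are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: bulk-set the dial-in "Allow access" / "Deny access" flag.
# Run with -WhatIf first to see the planned changes without writing them.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical OU holding subscriber accounts only (keeps admin and
    # service accounts out of scope), e.g. 'OU=Subscribers,DC=example,DC=test'
    [Parameter(Mandatory)][string]$SearchBase,
    # Hypothetical text file: one sAMAccountName per line to be denied
    [string]$DelinquentList
)

# Build a case-insensitive lookup of accounts that must lose dial-in access
$deny = @{}
if ($DelinquentList) {
    Get-Content -Path $DelinquentList |
        ForEach-Object { $_.Trim() } |
        Where-Object   { $_ } |
        ForEach-Object { $deny[$_.ToLowerInvariant()] = $true }
}

# Only touch enabled accounts; disabled accounts are never granted access
$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
                    -Properties msNPAllowDialin

foreach ($u in $users) {
    $desired = -not $deny.ContainsKey($u.SamAccountName.ToLowerInvariant())
    $current = $u.msNPAllowDialin   # $null means "control through policy"

    if ($current -ne $desired) {
        if ($PSCmdlet.ShouldProcess($u.SamAccountName,
                                    "Set msNPAllowDialin = $desired")) {
            Set-ADUser -Identity $u -Replace @{ msNPAllowDialin = $desired }
        }
    }

    # Emit one record per user so the run can be kept as an audit trail
    [pscustomobject]@{
        User    = $u.SamAccountName
        Before  = $current
        Desired = $desired
        Changed = ($current -ne $desired)
    }
}
```

Piping the output to `Export-Csv` each month leaves a record of who was granted or denied access and when.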
 

Author Comment

by:stangrrrr2
ID: 17979951
bleh, i give up.  evidently there's some sort of bug with allowing access on the dial in tab through all these scripting methods.  i guess i'll have to do it manually.  i never really understood why some people were so anti-windows but after migrating 3 servers from nt to 03 i can now understand where they're coming from

thanks for your help
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17982346
Very welcome stangrrrr2, sorry we couldn't come up with a better solution.

>>"migrating 3 servers from nt to 03 "
Big jump, which usually requires a fair amount of manual "tweaking". Been there, done that, and it's not fun....unless time is not a factor.

>>"i never really understood why some people were so anti-windows "
I agree there are lots problems or issues, but have you found something better that is as versatile, the customer is happy with, and support is available.  :-)  I'm still searching.

Thanks stangrrrr2, good luck with it.
--Rob
0
 

Author Comment

by:stangrrrr2
ID: 17982409
"I agree there are lots problems or issues, but have you found something better that is as versatile, the customer is happy with, and support is available.  :-)  I'm still searching."

Oh I'm not knocking it by any means, it beats trying to figure out the 101 flavors of linux by a long shot.

It's not all bad I guess, I did learn some stuff I didn't know by reading what you shared with me so thanks for that, and have a good turkey day and all that stuff   :)
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17982500
I'm in Canada, we already had our Turkey day, but thanks and enjoy yours !
--Rob
0

Question has a verified solution.
