how to enable dial in access for multiple users in active directory

Ok I have a server running Server 2003, I have just finished configuring it for users to dial in and authenticate.  My problem is that I have a lot of users already added to active directory, and instead of having to go one by one into their properties and click the dial in tab and tell it allow access, I would like to know if it is possible to allow access to all the users at once, maybe via a command line or something.

Can anyone out there help me?  Thanks
stangrrrr2Asked:
Who is Participating?
 
Rob WilliamsConnect With a Mentor Commented:
Seems it can be scripted but I can't seem to find a clean simple version suitable for your purpose. If you would like to have a look 3/5th of the way down the page on this link has information pertaining to doing so with a couple of scripts. The first one is actually from a Microsoft site and is quoted on a dozen different sites:
http://eggheadcafe.com/ng/microsoft.public.windows.server.general/post353724.asp

This may be of some help too. From MS site ( http://www.microsoft.com/technet/itsolutions/network/ias/iasfaq.mspx#EOBAC )
"IAS in Windows Server 2003 allows you to ignore the dial-in properties of user and computer accounts during connection attempt processing. To enable this feature, set the Ignore-User-Dialin-Properties RADIUS attribute to True. For more information, see"; http://technet2.microsoft.com/WindowsServer/en/library/2a041150-42f9-4a60-ab18-6de8ab231ee71033.mspx?mfr=true
0
 
Rob WilliamsCommented:
You should be able to allow all users access by changing the RRAS policy. To do so  open the RRAS (Routing and Remote Management Service) management console, expand your server name, click on Remote Access Policies, in the right hand window right click on "connections to Microsoft Routing and Remote Access Server" and choose properties, at the bottom of the 'page' select "Grant Remote Access Permission". Leaving at the default "deny..." requires individually changing each account"
However, the default on a user profile is "control access through Remote Access Policy". If this has been changed to "deny access", I think it will override the policy change.
0
 
stangrrrr2Author Commented:
Is that still applicable if we're using IAS?  The control access through Remote Access Policy selection is greyed out because I have not configured Routing and Remote Access under that snap-in for fear of it making changes to what I have done so far.  I'm still wet behind the ears with Server 03 and I'm real happy to have it working correctly so far.

I have been trying to make the changes by using admodify.net but after I make the change to allow on the dial in tab and click go, the changes dont stick.  There are no errors in the .xml log file it creates and it seems like it thinks it has worked correctly, but to get back on track can I use the method listed above without messing up the configuration in IAS?
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
stangrrrr2Author Commented:
The policy you mentioned reminded me that I had saw it under the IAS snap-in and I can edit the same policy there (same by name at least, i dont know if it changes the same option or options), but it does not change the settings on the accounts already in active directory.  I prefer to enable and disable access through the dial in tab as I think that will make it the easiest on me when I have to disable access for the accounts that get delinquent on a month by month basis.

I am really wanting to be able to make it as quick and easy as possible as I have one more server that I will be setting up for dial up access with about 2000 users on it and once each month I have to disable accounts that do not pay and if there is any way i could make it quick and/or automated, thats what i'm after.  This server only has about 700 users and I am using this one as "practice" so I can set up the other server as quickly as possible.
0
 
Rob WilliamsCommented:
Hi stangrrrr2. You are right you should get the same results using the same policy in IAS. Basically setting up IAS allows RRAS to "pass the buck" to it.
I'm sure some scripting fellow could create a way for you to efficiently make the "allow access" change, but I haven't seen any utilities to do so. Also there is no group policy allowing you to control that. You can create a user template which you could use for future users you add, but it doesn't help you now. The only suggestion I could make is if most of your users are allowed access, enable the policy, and then manually select those you want to deny access.
0
 
stangrrrr2Author Commented:
bleh, i give up.  evidently there's some sort of bug with allowing access on the dial in tab through all these scripting methods.  i guess i'll have to do it manually.  i never really understood why some people were so anti-windows but after migrating 3 servers from nt to 03 i can now understand where they're coming from

thanks for your help
0
 
Rob WilliamsCommented:
Very welcome stangrrrr2, sorry we couldn't come up with a better solution.

>>"migrating 3 servers from nt to 03 "
Big jump, which usually requires a fair amount of manual "tweaking". Been there, done that, and it's not fun....unless time is not a factor.

>>"i never really understood why some people were so anti-windows "
I agree there are lots problems or issues, but have you found something better that is as versatile, the customer is happy with, and support is available.  :-)  I'm still searching.

Thanks stangrrrr2, good luck with it.
--Rob
0
 
stangrrrr2Author Commented:
"I agree there are lots problems or issues, but have you found something better that is as versatile, the customer is happy with, and support is available.  :-)  I'm still searching."

Oh I'm not knocking it by any means, it beats trying to figure out the 101 flavors of linux by a long shot.

It's not all bad I guess, I did learn some stuff I didn't know by reading what you shared with me so thanks for that, and have a good turkey day and all that stuff   :)
0
 
Rob WilliamsCommented:
I'm in Canada, we already had our Turkey day, but thanks and enjoy yours !
--Rob
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.