Improve company productivity with a Business Account.Sign Up

x
?
Solved

How do i enable Remote access Permission option, through the entire ADUC?

Posted on 2008-10-14
10
Medium Priority
?
635 Views
Last Modified: 2012-06-21
I dont know if its possible to enable under the ADUC, dial in tab, the 'Remote Access Permission' option to enabled, through the entire ADUC?  

Just added VPN, and i would like to enable this to the ADUC, without doing one by one.  Thanks.
0
Comment
Question by:nociuduis
  • 4
  • 4
8 Comments
 
LVL 2

Expert Comment

by:simeonf
ID: 22727081
Hi Nociuduis,

It's possible to script setting the attribute across all users in your domain, if you'd like sample code for this let me know and I'll send through.

I don't think is the best way to configure remote access though! Instead if you modify your Remote Access Policy to be based on group membership instead of the AD user attribute, you can add/remove access through ADUC without resorting to scripts.

Here's some info on configuring IAS to get you started - http://technet.microsoft.com/en-us/library/cc782585.aspx. Let me know if you need more assistance with this.

Cheers,
Simeon

0
 

Author Comment

by:nociuduis
ID: 22789772
Thank you so much.
Excuse the lack in reply and i hope you still exist somewhere.
Im a novice when it comes to this stuff, so i will only modify or touch something, in which i can mess around, without actually killing something.
I took a look at that, and im lost in the instructions, little advanced for me.  I dont mind doing it, but im not going to risk it.  If your willing to help little more, that would be great.  Thanks.
0
 
LVL 2

Expert Comment

by:simeonf
ID: 22793659
Hi Nociudis,

Here's a step by step to get it up and running.

Create an AD user group to control VPN access, type Global Group (eg UG_RemoteAccess_AllowVPN)

Open the Internet Authentication Service mmc under Control Panel -> Administrative Tools. Select Remote Access Policies in the left pane. In the right pane you'll see the default policy created by the VPN setup wizard - leave this one alone for now.

Right click in the blank space, choose New Remote Access Policy, click Next.
Enter a name (like Allow VPN Access - Group Membership), click Next.
Select VPN as the Access Method, click Next.
The next window prompts for User or Group based access - select Group, click Add, browse your domain and find the group you created, click Next.
Choose the authentication method you want (MS-CHAP-V2 is easiest for username/password authentication from clients). Click Next.
Leave the defaults for encription or you can disable the lower security ones, click Next.
Click Finish.

That's it! Put a test user in the group, remove the Dial In attribute from a test user account (to ensure they aren't be allowed in via your original policy) and test out connecting to the VPN as that user.

Cheers,
Simeon
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 

Author Comment

by:nociuduis
ID: 22797398
Thats great, and i completed the entire tasks, but it still doesnt allow me to connect to the VPN, unless I check the 'Allow Remote Access' box under the 'Dial In' tab in the AD.

I understood everything but the beginning, and im guessing thats why its not working.  The line where you state 'In the right pane you'll see the default policy created by the VPN setup wizard - leave this one alone for now.'

I never did a VPN setup, so i only see the defaults in the left panel.  What am i missing?  Thanks for the help.
0
 
LVL 2

Expert Comment

by:simeonf
ID: 22809170
Ok let's make sure we're on the same page here! Are you using the Microsoft Routing and Remote Access VPN? Or another third party software or hardware one? What steps did you take to setup and configure it in the first place?
0
 

Author Comment

by:nociuduis
ID: 22812699
I'm using RADIUS, but im sure its not configured using that.

Everything was configured on the router.  We assigned internal IP's to be 192.168.88.x, on the router.  Thats another issue i would like to resolve as well.  When connected to the VPN, and i try to remote into the server, im unable, and i think its cause im using 192.168.88.x instead of 192.168.2.x.  I need to somehow tell the server to accept 88.x IP.  We can access all resources with no issues, just remoting into PCs for help, or servers im unable too.  Hope this is clear enough.
0
 
LVL 2

Accepted Solution

by:
simeonf earned 2000 total points
ID: 22827118
Ah ok. Is the router configured to do a direct lookup of a domain controller or does it point at your RADIUS server? If it's pointing at the RADIUS server, there must be a remote access policy configured and you should be able to create a new one based on group membership rather than the dialin attribute. If it's doing an LDAP query then it will depend on the router whether it can be configured to look at something other than that attribute.

I'm also thinking this might be beyond scope of a forum discussion! It might be worth considering getting someone out to have a look and help you design and implement what you want.
0
 

Author Comment

by:nociuduis
ID: 22827144
Its using the RADIUS LDAP functions.  Its no big deal, just got to remember to check the dial in box, to accept, and it works.  I just wanted it to be clean and done correctly, not like a 5th grader did it.

Can you help in the network accepting 192.168.88.x as internal?  Or is that another question, elsewhere?

Thank man.  This is a great how to for someone doing it the way you had thought in the beginning. Sorry to have not given all information.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

A simple method to resolve a "keyboard not working" problem by modifying the Windows registry. This issue can often be encountered after using the VMware vCenter Converter Standalone Agent to perform a Physical-to-Virtual (P2V) conversion process.
This is a Step by Step guide to performing a Non-Destructive Windows 10 repair which answers frequently asked questions as to exactly what is lost, and what is kept. Enjoy...
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question