Solved

How do I enable the Remote Access Permission option through the entire ADUC?

Posted on 2008-10-14
Last Modified: 2012-06-21
I don't know if it's possible to enable, under the ADUC Dial-in tab, the 'Remote Access Permission' option, through the entire ADUC?

Just added VPN, and I would like to enable this in the ADUC, without doing it one by one. Thanks.
Question by:nociuduis
LVL 2

Expert Comment

by:simeonf
ID: 22727081
Hi Nociuduis,

It's possible to script setting the attribute across all users in your domain, if you'd like sample code for this let me know and I'll send through.

I don't think this is the best way to configure remote access though! Instead, if you modify your Remote Access Policy to be based on group membership instead of the AD user attribute, you can add/remove access through ADUC without resorting to scripts.

Here's some info on configuring IAS to get you started - http://technet.microsoft.com/en-us/library/cc782585.aspx. Let me know if you need more assistance with this.

Cheers,
Simeon

0
 

Author Comment

by:nociuduis
ID: 22789772
Thank you so much.
Excuse the lack of reply and I hope you still exist somewhere.
I'm a novice when it comes to this stuff, so I will only modify or touch something in which I can mess around without actually killing something.
I took a look at that, and I'm lost in the instructions, a little advanced for me. I don't mind doing it, but I'm not going to risk it. If you're willing to help a little more, that would be great. Thanks.
0
 
LVL 2

Expert Comment

by:simeonf
ID: 22793659
Hi Nociudis,

Here's a step by step to get it up and running.

Create an AD user group to control VPN access, type Global Group (e.g. UG_RemoteAccess_AllowVPN)

Open the Internet Authentication Service mmc under Control Panel -> Administrative Tools. Select Remote Access Policies in the left pane. In the right pane you'll see the default policy created by the VPN setup wizard - leave this one alone for now.

Right click in the blank space, choose New Remote Access Policy, click Next.
Enter a name (like Allow VPN Access - Group Membership), click Next.
Select VPN as the Access Method, click Next.
The next window prompts for User or Group based access - select Group, click Add, browse your domain and find the group you created, click Next.
Choose the authentication method you want (MS-CHAP-V2 is easiest for username/password authentication from clients). Click Next.
Leave the defaults for encryption or you can disable the lower security ones, click Next.
Click Finish.

That's it! Put a test user in the group, remove the Dial In attribute from a test user account (to ensure they aren't allowed in via your original policy) and test out connecting to the VPN as that user.

Cheers,
Simeon
0
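The directory side of the steps above can also be scripted. The following is an added example, not part of the original thread: it assumes the ActiveDirectory PowerShell module (RSAT) is available, and the test account name `vpn.test` is hypothetical. It creates the group, lists every account whose Dial-in tab is set to "Allow access" (the `msNPAllowDialin` attribute), and previews moving those accounts to group-based access.

```powershell
# Added example; assumes the ActiveDirectory module and rights to manage groups/users.
Import-Module ActiveDirectory

$GroupName = 'UG_RemoteAccess_AllowVPN'   # group name suggested in the post
$TestUser  = 'vpn.test'                   # hypothetical test account

# 1. Create the global security group if it does not exist yet.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'"
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security `
        -Description 'Members may connect to the VPN via remote access policy' -PassThru
}

# 2. Inventory accounts with per-user dial-in permission.
#    msNPAllowDialin: TRUE = Allow access, FALSE = Deny access,
#    not set = control access through Remote Access Policy.
$allowed = Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' -Properties msNPAllowDialin
$allowed | Select-Object SamAccountName, Enabled, msNPAllowDialin |
    Sort-Object SamAccountName | Format-Table -AutoSize

# Disabled accounts that still carry "Allow access" deserve a review before migration.
$stale = $allowed | Where-Object { -not $_.Enabled }
Write-Host ("{0} account(s) allow dial-in; {1} of them are disabled." -f `
    @($allowed).Count, @($stale).Count)

# 3. Preview adding the enabled accounts to the group.
#    -WhatIf only reports the change; remove it to apply after review.
$allowed | Where-Object { $_.Enabled } | ForEach-Object {
    Add-ADGroupMember -Identity $group -Members $_ -WhatIf
}

# 4. Preview clearing the per-user attribute on the test account so that only
#    the group-based policy can admit it (the test described in the post).
Set-ADUser -Identity $TestUser -Clear msNPAllowDialin -WhatIf
```

Keeping `-WhatIf` on the first run gives a reviewable list of exactly which accounts would gain VPN access through the group.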
 

Author Comment

by:nociuduis
ID: 22797398
That's great, and I completed the entire task, but it still doesn't allow me to connect to the VPN unless I check the 'Allow Remote Access' box under the 'Dial In' tab in the AD.

I understood everything but the beginning, and I'm guessing that's why it's not working. The line where you state 'In the right pane you'll see the default policy created by the VPN setup wizard - leave this one alone for now.'

I never did a VPN setup, so I only see the defaults in the left panel. What am I missing? Thanks for the help.
0
LVL 2

Expert Comment

by:simeonf
ID: 22809170
Ok let's make sure we're on the same page here! Are you using the Microsoft Routing and Remote Access VPN? Or another third party software or hardware one? What steps did you take to set up and configure it in the first place?
0
 

Author Comment

by:nociuduis
ID: 22812699
I'm using RADIUS, but I'm sure it's not configured using that.

Everything was configured on the router. We assigned internal IPs to be 192.168.88.x, on the router. That's another issue I would like to resolve as well. When connected to the VPN, and I try to remote into the server, I'm unable, and I think it's because I'm using 192.168.88.x instead of 192.168.2.x. I need to somehow tell the server to accept 88.x IP. We can access all resources with no issues, just remoting into PCs for help, or servers, I'm unable to. Hope this is clear enough.
0
 
LVL 2

Accepted Solution

by:
simeonf earned 500 total points
ID: 22827118
Ah ok. Is the router configured to do a direct lookup of a domain controller or does it point at your RADIUS server? If it's pointing at the RADIUS server, there must be a remote access policy configured and you should be able to create a new one based on group membership rather than the dialin attribute. If it's doing an LDAP query then it will depend on the router whether it can be configured to look at something other than that attribute.

I'm also thinking this might be beyond the scope of a forum discussion! It might be worth considering getting someone out to have a look and help you design and implement what you want.
0
 

Author Comment

by:nociuduis
ID: 22827144
It's using the RADIUS LDAP functions. It's no big deal, just got to remember to check the dial in box, to accept, and it works. I just wanted it to be clean and done correctly, not like a 5th grader did it.

Can you help in the network accepting 192.168.88.x as internal? Or is that another question, elsewhere?

Thanks man. This is a great how-to for someone doing it the way you had thought in the beginning. Sorry to have not given all information.
0
