Solved

How do I enable Remote access Permission option, through the entire ADUC?

Posted on 2008-10-14
Last Modified: 2012-06-21
I don't know if it's possible to set the 'Remote Access Permission' option, under the Dial-in tab in ADUC, to enabled through the entire ADUC?

Just added VPN, and I would like to enable this in the ADUC, without doing it one by one.  Thanks.
Question by:nociuduis
LVL 2

Expert Comment

by:simeonf
ID: 22727081
Hi Nociuduis,

It's possible to script setting the attribute across all users in your domain, if you'd like sample code for this let me know and I'll send through.

I don't think this is the best way to configure remote access though! Instead, if you modify your Remote Access Policy to be based on group membership instead of the AD user attribute, you can add/remove access through ADUC without resorting to scripts.

Here's some info on configuring IAS to get you started - http://technet.microsoft.com/en-us/library/cc782585.aspx. Let me know if you need more assistance with this.

Cheers,
Simeon

0
 

Author Comment

by:nociuduis
ID: 22789772
Thank you so much.
Excuse the lack of reply, and I hope you still exist somewhere.
I'm a novice when it comes to this stuff, so I will only modify or touch something that I can mess around with, without actually killing something.
I took a look at that, and I'm lost in the instructions, a little advanced for me.  I don't mind doing it, but I'm not going to risk it.  If you're willing to help a little more, that would be great.  Thanks.
0
 
LVL 2

Expert Comment

by:simeonf
ID: 22793659
Hi Nociuduis,

Here's a step by step to get it up and running.

Create an AD user group to control VPN access, type Global Group (e.g. UG_RemoteAccess_AllowVPN)

Open the Internet Authentication Service mmc under Control Panel -> Administrative Tools. Select Remote Access Policies in the left pane. In the right pane you'll see the default policy created by the VPN setup wizard - leave this one alone for now.

Right click in the blank space, choose New Remote Access Policy, click Next.
Enter a name (like Allow VPN Access - Group Membership), click Next.
Select VPN as the Access Method, click Next.
The next window prompts for User or Group based access - select Group, click Add, browse your domain and find the group you created, click Next.
Choose the authentication method you want (MS-CHAP-V2 is easiest for username/password authentication from clients). Click Next.
Leave the defaults for encryption or you can disable the lower security ones, click Next.
Click Finish.

That's it! Put a test user in the group, remove the Dial In attribute from a test user account (to ensure they aren't allowed in via your original policy) and test out connecting to the VPN as that user.

Cheers,
Simeon
0
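The steps above move the access decision from the per-user Dial-in setting to group membership. The following added example (not code from the thread) lists the accounts that still carry the per-user "Allow access" setting and moves reviewed ones into the group. It assumes the ActiveDirectory PowerShell module, which is newer than the IAS-era server discussed here; the function names and sample account names are hypothetical.

```powershell
# Added example; assumes the ActiveDirectory module (RSAT, Server 2008 R2 or later).
Import-Module ActiveDirectory

$GroupName = 'UG_RemoteAccess_AllowVPN'   # example group name from the post above

function Get-DialInGrant {
    # Users whose Dial-in tab is set to "Allow access" (msNPAllowDialin = TRUE).
    Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' -Properties msNPAllowDialin, LastLogonDate |
        Select-Object SamAccountName, Enabled, LastLogonDate, DistinguishedName
}

function Move-DialInGrantToGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string[]]$SamAccountName   # reviewed accounts only
    )
    # Create the global security group if it does not exist yet.
    if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
        if ($PSCmdlet.ShouldProcess($GroupName, 'Create global security group')) {
            New-ADGroup -Name $GroupName -SamAccountName $GroupName `
                -GroupScope Global -GroupCategory Security
        }
    }
    foreach ($name in $SamAccountName) {
        $user = Get-ADUser -Identity $name -Properties msNPAllowDialin
        if (-not $user.Enabled) {
            Write-Warning "$name is disabled; skipping"
            continue
        }
        if ($PSCmdlet.ShouldProcess($name, "Add to $GroupName and clear msNPAllowDialin")) {
            Add-ADGroupMember -Identity $GroupName -Members $user
            # With the attribute cleared, the remote access policy makes the decision.
            Set-ADUser -Identity $user -Clear msNPAllowDialin
        }
    }
}

# 1. Review who currently has the per-user permission.
Get-DialInGrant | Format-Table -AutoSize

# 2. Dry run for the accounts that should keep VPN access (constructed names).
Move-DialInGrantToGroup -SamAccountName 'jdoe', 'asmith' -WhatIf
```

Clearing the attribute only makes sense when the VPN device authenticates through a RADIUS/IAS policy that checks the group; a device that reads the dial-in attribute directly over LDAP will stop admitting those users.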
 

Author Comment

by:nociuduis
ID: 22797398
That's great, and I completed all the tasks, but it still doesn't allow me to connect to the VPN, unless I check the 'Allow Remote Access' box under the 'Dial In' tab in the AD.

I understood everything but the beginning, and I'm guessing that's why it's not working.  The line where you state 'In the right pane you'll see the default policy created by the VPN setup wizard - leave this one alone for now.'

I never did a VPN setup, so I only see the defaults in the left panel.  What am I missing?  Thanks for the help.
0
LVL 2

Expert Comment

by:simeonf
ID: 22809170
Ok, let's make sure we're on the same page here! Are you using the Microsoft Routing and Remote Access VPN? Or another third party software or hardware one? What steps did you take to set up and configure it in the first place?
0
 

Author Comment

by:nociuduis
ID: 22812699
I'm using RADIUS, but I'm sure it's not configured using that.

Everything was configured on the router.  We assigned internal IPs to be 192.168.88.x, on the router.  That's another issue I would like to resolve as well.  When connected to the VPN, and I try to remote into the server, I'm unable to, and I think it's because I'm using 192.168.88.x instead of 192.168.2.x.  I need to somehow tell the server to accept 88.x IPs.  We can access all resources with no issues, just remoting into PCs for help, or servers, I'm unable to.  Hope this is clear enough.
0
 
LVL 2

Accepted Solution

by:
simeonf earned 500 total points
ID: 22827118
Ah ok. Is the router configured to do a direct lookup of a domain controller or does it point at your RADIUS server? If it's pointing at the RADIUS server, there must be a remote access policy configured and you should be able to create a new one based on group membership rather than the dialin attribute. If it's doing an LDAP query then it will depend on the router whether it can be configured to look at something other than that attribute.

I'm also thinking this might be beyond the scope of a forum discussion! It might be worth considering getting someone out to have a look and help you design and implement what you want.
0
 

Author Comment

by:nociuduis
ID: 22827144
It's using the RADIUS LDAP functions.  It's no big deal, just got to remember to check the dial in box, to accept, and it works.  I just wanted it to be clean and done correctly, not like a 5th grader did it.

Can you help in the network accepting 192.168.88.x as internal?  Or is that another question, elsewhere?

Thanks man.  This is a great how-to for someone doing it the way you had thought in the beginning. Sorry to have not given all information.
0
