Windows 2003 Active Directory and the Dial-In Tab

When i select a user in active directory and go into properties there is a tab called Dial-In.   I recently pointed my vpn authentication to active directory and when the dial-in radio button is set to allow vpn is enable and when its set to deny it is disabled.  Since this vpn setup is a brand new config i would like to set all users to DENY ACCESS and then selectively turn on the VPN users.  Is there a way to do this?

Also, is there a way i can create a security group and by adding a user to that NEW security group it will automatically enable Dial-In?  And if the user is not in the security group dial-in will be diabled?
deklinmAsked:
Who is Participating?
 
kevinhsiehConnect With a Mentor Commented:
Configure your VPN to use RADIUS, and setup IAS on your DC. You then create a policy to to ignore user account dial-in properties and to permit when you match specific security groups. I actually have several policies that send information back to my Cisco ASA VPN for what type of networking connectivity they get. That might be beyond your use case, but setting VPN permissions via security groups is much easier than as a user property.

http://technet.microsoft.com/en-us/library/cc782585(WS.10).aspx
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.