Solved

Windows 2003 Active Directory and the Dial-In Tab

Posted on 2010-11-18
1
690 Views
Last Modified: 2012-05-10
When i select a user in active directory and go into properties there is a tab called Dial-In.   I recently pointed my vpn authentication to active directory and when the dial-in radio button is set to allow vpn is enable and when its set to deny it is disabled.  Since this vpn setup is a brand new config i would like to set all users to DENY ACCESS and then selectively turn on the VPN users.  Is there a way to do this?

Also, is there a way i can create a security group and by adding a user to that NEW security group it will automatically enable Dial-In?  And if the user is not in the security group dial-in will be diabled?
0
Comment
Question by:deklinm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 500 total points
ID: 34166930
Configure your VPN to use RADIUS, and setup IAS on your DC. You then create a policy to to ignore user account dial-in properties and to permit when you match specific security groups. I actually have several policies that send information back to my Cisco ASA VPN for what type of networking connectivity they get. That might be beyond your use case, but setting VPN permissions via security groups is much easier than as a user property.

http://technet.microsoft.com/en-us/library/cc782585(WS.10).aspx
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question