Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 699
  • Last Modified:

Windows 2003 Active Directory and the Dial-In Tab

When i select a user in active directory and go into properties there is a tab called Dial-In.   I recently pointed my vpn authentication to active directory and when the dial-in radio button is set to allow vpn is enable and when its set to deny it is disabled.  Since this vpn setup is a brand new config i would like to set all users to DENY ACCESS and then selectively turn on the VPN users.  Is there a way to do this?

Also, is there a way i can create a security group and by adding a user to that NEW security group it will automatically enable Dial-In?  And if the user is not in the security group dial-in will be diabled?
0
deklinm
Asked:
deklinm
1 Solution
 
kevinhsiehCommented:
Configure your VPN to use RADIUS, and setup IAS on your DC. You then create a policy to to ignore user account dial-in properties and to permit when you match specific security groups. I actually have several policies that send information back to my Cisco ASA VPN for what type of networking connectivity they get. That might be beyond your use case, but setting VPN permissions via security groups is much easier than as a user property.

http://technet.microsoft.com/en-us/library/cc782585(WS.10).aspx
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now