• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 701
  • Last Modified:

Windows 2003 Active Directory and the Dial-In Tab

When i select a user in active directory and go into properties there is a tab called Dial-In.   I recently pointed my vpn authentication to active directory and when the dial-in radio button is set to allow vpn is enable and when its set to deny it is disabled.  Since this vpn setup is a brand new config i would like to set all users to DENY ACCESS and then selectively turn on the VPN users.  Is there a way to do this?

Also, is there a way i can create a security group and by adding a user to that NEW security group it will automatically enable Dial-In?  And if the user is not in the security group dial-in will be diabled?
1 Solution
Configure your VPN to use RADIUS, and setup IAS on your DC. You then create a policy to to ignore user account dial-in properties and to permit when you match specific security groups. I actually have several policies that send information back to my Cisco ASA VPN for what type of networking connectivity they get. That might be beyond your use case, but setting VPN permissions via security groups is much easier than as a user property.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now