Solved

VPN - Allow/Deny or Control access Policy issue

Posted on 2011-03-04
Last Modified: 2013-12-05
I've installed and configured a master Win 2003, SP2, DNS, DHCP & connected via a switch 'LOCALLY' for the time being, and no VLANs are being used, so it is acting as a hub.

When I configured IAS & RADIUS, I selected the tick box option on a 'USER' account for 'control policy'.

What is the difference between:

- Allow
- Deny
- Control policy option

??
Question by:mikey250

Accepted Solution

by:
jesaja earned 500 total points
In the Dial-in settings of the user's properties:

Allow will enable the user to dial in for remote access, if a RAS VPN server is set up.

Deny will disable dial-in ability for that user.

If the option is set to Control access through NPS, dial-in permission will be controlled by the RAS policy.

Assisted Solution

by:jesaja
jesaja earned 500 total points
Just to get more specific:
RAS policies will get processed in either case.
If the option is set to disable, the connection will be interrupted immediately.
If the option is set to enable, the RAS policy option for access will be ignored, but if the policy's conditions meet the conditions value, the policy will be applied and no other policy will be processed further.

 

Author Comment

by:mikey250
So if I selected 'Allow' and NOT 'Control access policy', does it mean less security - Yes or No?

Does selecting 'Control access policy' mean more secure?

Or are you saying the 'Disable & Allow' are only for dial-up?

What does RAS stand for?

Just trying to understand your explanation.

Expert Comment

by:jesaja
The Dial-in settings control the remote access permissions for the user. The same option can be set in the Remote Access Policies of the Internet Authentication Service (IAS) (as depicted).



If the user's Dial-in Remote Access Permission is set to Allow or Deny access, the user remote access permission overrides the policy remote access permission (as depicted), and only if the Remote Access Policy is applied to the user. There can only be one Remote Access Policy applied to a user, and that is controlled through the Conditions in the Policy. That means no further policy will be processed.

When the remote access permission on a user account is set to the Control access through Remote Access Policy option, the policy remote access permission determines whether the user is granted access.


So the best approach is to create a Dial-In Security Group, add the user accounts to this group, set those users to Control access through Remote Access Policy, and set all other users to Deny.
Create a Remote Access Policy, add a condition to this policy that checks if the user is in this group (Windows Groups),
and set the option
 - If a connection request matches the specified conditions, to Grant remote access permission

That will give greater control and transparency in determining user dial-in access; thus only members of the security group will have access.


what does RAS stand for?
- Routing and Remote Access Server



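The evaluation order described in the answer above, as a small Python model (an added example, not part of the thread and not IAS code; the group name `VPN-Users`, the catch-all policy and the four accounts are constructed for illustration). It shows why an account left on Allow is granted access without being in the dial-in group.

```python
from dataclasses import dataclass
from typing import Callable

ALLOW, DENY, CONTROL = "Allow", "Deny", "Control access through policy"

@dataclass(frozen=True)
class User:
    name: str
    dialin: str                      # per-account Dial-in setting
    groups: frozenset = frozenset()

@dataclass(frozen=True)
class Policy:
    name: str
    condition: Callable[[User], bool]
    grant: bool                      # the policy's own grant/deny permission

def evaluate(user, policies):
    """Return (granted, reason) for one connection request."""
    # Only the first policy whose conditions match is applied; none matching = reject.
    matched = next((p for p in policies if p.condition(user)), None)
    if matched is None:
        return False, "no policy conditions matched"
    # Allow/Deny on the account overrides the matched policy's permission.
    if user.dialin == DENY:
        return False, f"{matched.name}: account Deny overrides policy"
    if user.dialin == ALLOW:
        return True, f"{matched.name}: account Allow overrides policy"
    return matched.grant, f"{matched.name}: policy permission decides"

def audit(users, policies, vpn_group):
    """Names of accounts that are granted access without being in vpn_group."""
    return sorted(u.name for u in users
                  if evaluate(u, policies)[0] and vpn_group not in u.groups)

# Constructed sample data (hypothetical names).
VPN_GROUP = "VPN-Users"
POLICIES = [
    Policy("Grant VPN-Users", lambda u: VPN_GROUP in u.groups, grant=True),
    Policy("Catch-all deny", lambda u: True, grant=False),
]
USERS = [
    User("alice", CONTROL, frozenset({VPN_GROUP})),
    User("bob", CONTROL),
    User("carol", ALLOW),            # not in the group, but left on Allow
    User("dave", DENY, frozenset({VPN_GROUP})),
]

if __name__ == "__main__":
    for u in USERS:
        print(u.name, *evaluate(u, POLICIES))
    print("access outside group:", audit(USERS, POLICIES, VPN_GROUP))
```

In this model, removing the catch-all policy leaves carol with no matching policy, so she is rejected; setting every non-member to Deny, as the answer recommends, closes the gap in both cases.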
 

Author Comment

by:mikey250
Thanks for the clarity.