'Ignore user dial-in properties' setting is ignored?
Posted on 2011-04-21
Our environment is configured using NPS to authenticate our wireless connections according to machine domain membership. For whatever reason, many of my users cannot connect, and the NPS server throws this log:
Reason Code: 65
Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.
So, logically, I went in to my policy (and the other 2 default policies), and set them all to "Ignore user's dial-in properties' in the overview tab. However, they still cannot connect unless I explicitly set their account to Allow Access under the Network Access Permission tab of their account settings. 99% of my auser accounts are already configured to "Control access through NPS Network Policy" and it would be annoying to change them all by hand. Is there a setting that I'm missing?