SBS 2011 VPN Connectivity

yohayon used Ask the Experts™
I notice that when users are not in SBS Console, only in AD, even though they have "Allow Access" set for Network Access Permission on their user profile, they still cannot connect using SBS vpn. It seems they must be added to the console in order for vpn access to take effect. Is that normal? if so, when adding them to SBS console, a mailbox fis auto created for them even though they dont need it.  How to provide vpn access without adding them to SBS console?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Andrew OakeleyConsultant

Although we could probably figure this out the correct answer in SBS land is "use the console and wizards for everything" if you dont want them to have a mailbox, then delete it afterwards.

Now that we have that out the way, do they get access if you "copy" a working user in ADUC rather than creating the user from scratch? this should result in the user having the same permissions as the working user.
Top Expert 2011
When you enable VPN via the SBS Console (via Network, Connectivity) and enable VPN for  an user via the SBS console only thing that is done is that the user is made member of the "Windows SBS Virtual Private Network Users" security group. This group is setup within the NPS for granted access.

So probably when you make the users you want to give access to this security group, everything will be fine.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial