I notice that when users are not in SBS Console, only in AD, even though they have "Allow Access" set for Network Access Permission on their user profile, they still cannot connect using SBS vpn. It seems they must be added to the console in order for vpn access to take effect. Is that normal? if so, when adding them to SBS console, a mailbox fis auto created for them even though they dont need it. How to provide vpn access without adding them to SBS console?