jhardee Guest
|
Posted: Mon May 15, 2006 11:46 pm Post subject: Dial-in tab and gpo |
|
|
I'm trying to understand the interaction between a remote access policy (gpo)
and the selection options in the dial-in tab for a user's account. I get
that in mixed mode domains controlling access through a remote access policy
is not available. However, what if I have the domain in native mode, have
the dial-in tab for a user set to Allow Access, and also have a remote access
gpo. How would the gpo interact with this setting? Would it take precedence
because it is processed later?
Also, I'm assuming that any setting of Deny Access will take precedence.
If in native mode, and the user's dial-in tab is set to Deny Access, a gpo
with a different setting won't affect the user's access. Also, if in native
mode, and the user's dial-in tab is set to Allow Access, but a gpo is set to
Deny Access, then the user would be denied. Correct?
Any insights or links would be appreciated.
--Jeff |
Brian Delaney Guest
|
Posted: Wed May 17, 2006 7:03 am Post subject: RE: Dial-in tab and gpo |
|
|
Allow --> The user is allowed access
Deny --> The user is denied access
Control Access through remote access policy --> The remote access policy is
checked to see if the user is allowed or denied.
The default setting in mixed mode is Deny, in native mode it is Control
Access through remote access policy
--
Brian Delaney, MCSE
"jhardee" wrote:
| Quote: | I'm trying to understand the interaction between a remote access policy (gpo)
and the selection options in the dial-in tab for a user's account. I get
that in mixed mode domains controlling access through a remote access policy
is not available. However, what if I have the domain in native mode, have
the dial-in tab for a user set to Allow Access, and also have a remote access
gpo. How would the gpo interact with this setting? Would it take precedence
because it is processed later?
Also, I'm assuming that any setting of Deny Access will take precedence.
If in native mode, and the user's dial-in tab is set to Deny Access, a gpo
with a different setting won't affect the user's access. Also, if in native
mode, and the user's dial-in tab is set to Allow Access, but a gpo is set to
Deny Access, then the user would be denied. Correct?
Any insights or links would be appreciated.
--Jeff |
Jorge Silva Guest
|
Posted: Wed May 17, 2006 2:58 pm Post subject: Re: Dial-in tab and gpo |
|
|
Hi
| Quote: | I'm trying to understand the interaction between a remote access policy
(gpo)
and the selection options in the dial-in tab for a user's account.
|
If:
Allow access -> the user is allowed access (no control by RRAS policy)
Deny access -> the user is denied access (no control by RRAS policy)
Control access through remote access policy -> the RRAS policy is verified
before allowing the user to log in.
| Quote: | I get
that in mixed mode domains controlling access through a remote access
policy
is not available. However, what if I have the domain in native mode, have
the dial-in tab for a user set to Allow Access, and also have a remote
access
gpo. How would the gpo interact with this setting? Would it take
precedence
because it is processed later?
|
Control access through remote access policy is only available when the DFL is
2000 native or later.
Remote access policy is different from Group Policy. Remote access policies
are rules defined for remote users' connections.
Group Policies are applied normally, as they would be if the user were on the
network.
| Quote: | Also, I'm assuming that any setting of Deny Access will take precedence.
If in native mode, and the user's dial-in tab is set to Deny Access, a gpo
with a different setting won't affect the user's access. Also, if in
native
mode, and the user's dial-in tab is set to Allow Access, but a gpo is set
to
Deny Access, then the user would be denied. Correct?
|
If the dial-in tab is set to Deny Access, the user will be denied, no matter
what remote access policy is defined.
If the dial-in tab is set to Allow Access, the user will be granted access, no
matter what remote access policy is defined.
Remote access policies are applied in order. Example:
- If user1 is denied access by a remote access policy and this policy is in order 1
- If user1 is allowed access by a remote access policy and this policy is in order 2
the user is denied access
- If user1 is denied access by a remote access policy and this policy is in order 2
- If user1 is allowed access by a remote access policy and this policy is in order 1
the user is granted access
--
I hope that helps
Good Luck
Jorge Silva
MCSA
Systems Administrator
"jhardee" <jhardee@discussions.microsoft.com> wrote in message
news:90239F4D-D5E6-4DAC-9700-95AC7A03C2C6@microsoft.com...
| Quote: | I'm trying to understand the interaction between a remote access policy
(gpo)
and the selection options in the dial-in tab for a user's account. I get
that in mixed mode domains controlling access through a remote access
policy
is not available. However, what if I have the domain in native mode, have
the dial-in tab for a user set to Allow Access, and also have a remote
access
gpo. How would the gpo interact with this setting? Would it take
precedence
because it is processed later?
Also, I'm assuming that any setting of Deny Access will take precedence.
If in native mode, and the user's dial-in tab is set to Deny Access, a gpo
with a different setting won't affect the user's access. Also, if in
native
mode, and the user's dial-in tab is set to Allow Access, but a gpo is set
to
Deny Access, then the user would be denied. Correct?
Any insights or links would be appreciated.
--Jeff |
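Added example, not part of any poster's message: a small Python model of the precedence described in the replies above (dial-in tab first, then remote access policies in order, first match wins), plus a check for accounts whose explicit Allow overrides the policies. The names `DialIn`, `RemoteAccessPolicy`, `evaluate` and `bypasses_policy` are hypothetical, the policy data is constructed, and policy conditions are reduced to a set of user names; profile constraints are not modelled.

```python
from dataclasses import dataclass
from enum import Enum

class DialIn(Enum):
    ALLOW = "Allow access"
    DENY = "Deny access"
    POLICY = "Control access through remote access policy"

@dataclass
class RemoteAccessPolicy:
    order: int          # processing order; 1 is evaluated first
    name: str
    members: frozenset  # constructed stand-in for the policy's conditions
    grant: bool         # True = grant remote access permission, False = deny

def evaluate(user, dial_in, policies, native_mode=True):
    """Return (granted, reason) using the precedence described in the thread."""
    if dial_in is DialIn.POLICY and not native_mode:
        raise ValueError("policy-controlled access is unavailable in mixed mode")
    if dial_in is DialIn.DENY:
        return False, "dial-in tab: Deny access"
    if dial_in is DialIn.ALLOW:
        return True, "dial-in tab: Allow access"
    for policy in sorted(policies, key=lambda p: p.order):
        if user in policy.members:  # first matching policy decides
            verdict = "grants" if policy.grant else "denies"
            return policy.grant, f"policy {policy.order} ({policy.name}) {verdict}"
    # Not stated in the thread: RRAS rejects an attempt that matches no policy.
    return False, "no remote access policy matched"

def bypasses_policy(user, dial_in, policies):
    """True when an explicit Allow overrides a result the policies would deny."""
    if dial_in is not DialIn.ALLOW:
        return False
    granted_by_policy, _ = evaluate(user, DialIn.POLICY, policies)
    return not granted_by_policy

# Constructed sample data: two policies matching user1 with opposite verdicts.
DENY_FIRST = [RemoteAccessPolicy(1, "Block contractors", frozenset({"user1"}), False),
              RemoteAccessPolicy(2, "VPN users", frozenset({"user1"}), True)]
ALLOW_FIRST = [RemoteAccessPolicy(1, "VPN users", frozenset({"user1"}), True),
               RemoteAccessPolicy(2, "Block contractors", frozenset({"user1"}), False)]

if __name__ == "__main__":
    for setting in DialIn:
        print(setting.value, "->", evaluate("user1", setting, DENY_FIRST))
    print("Allow bypasses policy:", bypasses_policy("user1", DialIn.ALLOW, DENY_FIRST))
```

Running `bypasses_policy` over every account set to Allow access shows which users the ordered policies no longer constrain.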