Odd issue with AD Users/Computers in XP Pro

[Jamie]

I administer a Win2000 Network and have installed the XP
admin pack so that AD Users and Computers runs on my XP
Pro machine. It seems to work great, but for some reason
if I edit a users properties I cannot see the spot to
grant them VPN access (normally the Dial-in tab), I wind
up having to make a remote connection to a Win2000 server
and access AD users through that to assign VPN access.
Also notice it it a little different in Group Policy as
well, seems like some things are missing there. Is there
something I am missing? Is there a new release to the
Admin pak or is this by design?

 

[Mark]

Hi Jamie,
Are you sure that Advanced Features are enabled? right
click on root of Domain in Users and Computers and choose
view, advanced features. This will give you more tabs in
the user properties, although the Dial up tab should be
there without the advanced features enabled, if you have
w2k2003 server install the admin pack from this on your xp
workstation and it definitely works

Mark

 

[Jamie]

Yes advanced features are enabled...I had done that
already to look at Exchange tabs. I will have to find
the 2003 server CD to install that and see if it helps.
Any other thoughts?

 

[Mark]

Hi Jamie,
The only other thing to try if you don't have 2003 server
CD is to remove the AD snap-in from MMC console and
install it again, you've probably done this already, so I
think the 2003 server admin pak is the best way I will see
if this can be downloaded seperately from somewhere and
get back to you on this one
Mark

 

[Tim Hines [MSFT]]

That problem is mentioned in the article below. I've pasted a portion of
the article there as well. You can install the 2003 admin tools to resolve
it.

304718 How to remotely administer Windows Server-based computers by using
http://support.microsoft.com/?id=304718

- The "Dial-in" tab that configures Routing
and Remote Access dial-in or VPN access and callback settings is removed
when
the Administration Tools package is installed on Windows XP clients.


To manage dial-in properties on the user account, use the remote access
policy
administration model. The remote access policy administration model was
introduced in Windows 2000 to address the limitations in the earlier
dial-in
account permission model. The remote access policy administration model
uses
Windows groups to manage remote access permissions.

Customers who use
the recommended administration model, named remote access policy
administration
model, can use the Administration package from Windows XP to manage
remote
access permission for users in Active Directory. Settings on the
"Dial-in" tab are not typically used for VPN or wireless
deployments. There are several exceptions. For example, administrators
who
deploy dial-up networks may use callback number. In these cases, use
Terminal
Services or Remote Desktop to access a Windows 2000-based or a Windows
Server
2003-based computer, or log on to the console of a Windows 2000-based or
Windows Server 2003-based computer to manage the "Dial-in" tab.
The remote access policy administration model has the following
benefits:


- Detailed administration

Administrators who
manage dial-in permission also must have access to the whole user
account. The
user account has many more security properties. In the policy
administrative
model, a separate group can be created to grant dial-in permissions,
and
permissions to manage access to that group can be granted to a
different
administrator.



--
--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.