Question about Remote Access policies

[Darren.Albers]

We recently converted from a Mixed-mode Domain to Native
mode, we now would like to use policies to manage our
remote access rather than just denying or allowing access.

The problem is that we have over 2000 user accounts and I
would rather not have to touch each one, is there a way to
make this change without having to touch every account
individually?

Thank you,
Darren

 

[Darren.Albers]

As an update to this, I created a script (I downloaded it
from:
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/ScriptCenter/user/ScrUG133.asp) to do this,
but I was hoping for an easier way. Or does anyone know
how to have this script set this object for every user
account without manually typing into the script each user
account and full path in AD?

 

[Herb Martin]

Win2003 added (seems silly since NT had it) multiple selection so
you can make such changes for many users at once in Active Directory
Users and Computers.

But the REALLY DUMB thing is that both the RRAS and Terminal Service
tabs are not then accessible -- these being two of the four most like areas
you would wish to mass change (Account and Profile, the other two are
included.)

As an update to this, I created a script (I downloaded it
from:
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/ScriptCenter/user/ScrUG133.asp) to do this,
but I was hoping for an easier way. Or does anyone know
how to have this script set this object for every user
account without manually typing into the script each user
account and full path in AD?

Just dump a list of your users and change the script a bit to loop
over the list.

 

[Albers.Darren]

lol, yeah that does seem a bit backwards! I guess I will
have to figure out how to make that script do that, I
posted a question in the scripting group and maybe someone
there can help me. Otherwise our LAN Admins will be
modifying their users next week

 

[Herb Martin]

lol, yeah that does seem a bit backwards! I guess I will

have to figure out how to make that script do that, I
posted a question in the scripting group and maybe someone
there can help me. Otherwise our LAN Admins will be
modifying their users next week

It is hard to believe they left this out of Win2000 -- it is even harder to
believe that in Win2003 they added it INCOMPLETELY.

 

[Guest]

Thanks to a post by Richard Mueller [MVP] (rlmueller-
(e-mail address removed)), on the scripting board I got a
script to do this work for me Here is what I did for
anyone who is searching for a solution to the same problem!

I downloaded this script to create the user list as
Richard Meuller advised
http://www.rlmueller.net/Programs/CreateUserList2.txt

I then modified another script from that same page to
reset the value I was looking for.

That was all it took, thank you so much Richard Mueller.
Your post was a life-saver!

------------------------------------------------------
strFilePath = "c:\UserList2.txt"

' Open the file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFilePath, 1)



Do Until objFile.AtEndOfStream
strLine = Trim(objFile.ReadLine)
If strLine <> "" Then
On Error Resume Next
Err.Clear
Set objUser = GetObject("LDAP://" & strLine)
If Err.Number <> 0 Then
Err.Clear
Wscript.Echo "User NOT found: " & strLine
Else
objUser.PutEx ADS_PROPERTY_CLEAR, "msNPAllowDialin",
0
objUser.SetInfo
If Err.Number <> 0 Then
Err.Clear

End If
End If
On Error GoTo 0
End If
Loop
Wscript.Echo "Done"

 

[Darren.Albers]

Oops the script did not work, but I added a const that was
missing:


' Specify the text file of user names.
strFilePath = "c:\UserList2.txt"

' Open the file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFilePath, 1)
Const ADS_PROPERTY_CLEAR = 1


Do Until objFile.AtEndOfStream
strLine = Trim(objFile.ReadLine)
If strLine <> "" Then
On Error Resume Next
Err.Clear
Set objUser = GetObject _
("LDAP://" & strLine)
If Err.Number <> 0 Then
Err.Clear
Wscript.Echo "User NOT found: " & strLine
Else
objUser.PutEx ADS_PROPERTY_CLEAR, "msNPAllowDialin",
0
objUser.SetInfo
If Err.Number <> 0 Then
Err.Clear

End If
End If
On Error GoTo 0
End If
Loop
Wscript.Echo "Done"

-----Original Message-----
Thanks to a post by Richard Mueller [MVP] (rlmueller-
(e-mail address removed)), on the scripting board I got a
script to do this work for me Here is what I did for
anyone who is searching for a solution to the same problem!

I downloaded this script to create the user list as
Richard Meuller advised
http://www.rlmueller.net/Programs/CreateUserList2.txt

I then modified another script from that same page to
reset the value I was looking for.

That was all it took, thank you so much Richard Mueller.
Your post was a life-saver!

------------------------------------------------------
strFilePath = "c:\UserList2.txt"

' Open the file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFilePath, 1)



Do Until objFile.AtEndOfStream
strLine = Trim(objFile.ReadLine)
If strLine <> "" Then
On Error Resume Next
Err.Clear
Set objUser = GetObject("LDAP://" & strLine)
If Err.Number <> 0 Then
Err.Clear
Wscript.Echo "User NOT found: " & strLine
Else
objUser.PutEx

ADS_PROPERTY_CLEAR, "msNPAllowDialin",

 

[Herb Martin]

Thanks for posting the solution (and the correction.)

 

[Joe]

There is a tool from Microsoft called AD Modify, which you
can download and modify multiple users, and Dialin is one
of the properties.

Joe