RAS errors - removing Everyone from Pre-Windows 2000

[Ras is Up]

Hello Support,
We have a 2k domain running in native mode with a modem
pool configured on a 2k server running RRAS with a policy
setup to allow a certain gropu to vpn in. When i remove
the everyone group from "Pre-Windows 2000 compatible
access" group, VPN and dialin authentification fails with
error 930. How can i fix this security hole?

 

[Sharoon Shetty K [MSFT]]

Generally the error 930 is caused in the following cases:
1. When your RADIUS server is not reachable from your VPN server.
2. This issue may occur if the computer account has permissions to read the
Active Directory directory service record, but it does not have permissions
to write to the Active Directory record.

To verify the user permissions in the Active Directory Users and Computers
snap-in on a Windows 2000 domain controller. To do this, follow these steps:
1.. Click Start, point to Programs, point to Administrative Tools, and
then click Active Directory Users and Computers.
2.. Expand your domain.
3.. Right-click Domain Controllers, and then click Properties.
4.. Click the Group Policy tab, click Default Domain Controllers Policy,
and then click Edit.
5.. Expand Computer Configuration, expand Windows Settings, expand
Security Settings, expand Local Policies, and then click User Rights
Assignment.
6.. Double-click Access this computer from the network.
7.. By default, the Administrators, the Authenticated Users, and the
Everyone groups are assigned this user right. If these groups are not
assigned this user right, add them. To do so, click Add, locate the user or
group you want to add, and then click OK two times.

 

[Guest]

We do not have Radius Setup, is this a requirement or can
we just have RRAS setup?

Also, does the everyone Group have to be in those
permissions? Admins and Auth. Users are there but not
Everyone.

 

[Priya Raghavan [MSFT]]

RADIUS is not a requirement for RRAS Setup.