RAS Policy: Computer Authentication w/Windows Group

  • Thread starter Thread starter Rich
  • Start date Start date
R

Rich

I cannot get a remote access policy that grants remote
access based on a "windows group" to work properly. The
windows group contains computer accounts only.

I'm logging in with a user account that has RAS
permissions set to "allow" on that account. The computer
account I'm using has RAS permissions set to "control
through ras policy".

I've tested this a number of ways and I've been
unsuccessful at getting any remote access policy that is
based off of "windows group" membership containing
computer accounts only.

Any ideas or tips? Thanks!

It's a PPTP implementation.
 
I doubt if that will work. When you make a VPN connection, you do so using
a username/password. This is used to authenticate you as having permission
to use VPN. So you will need to use a group of user accounts, not computer
accounts.
 
Hi Rich,

Thanks for your posting here and thanks for Bill's great reply.

The Remote Access Policy is for user permissisons, so you need to assign to
user accounts or groups including user accounts.

More information, you can refer to the following document.

313082 How To Enforce a Remote Access Security Policy in Windows 2000
http://support.microsoft.com/?id=313082

Have a nice day!

Regards,
Bob Qin
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: "Rich" <[email protected]>
Subject: RAS Policy: Computer Authentication w/Windows Group
Date: Tue, 2 Nov 2004 09:18:34 -0800
Newsgroups: microsoft.public.win2000.ras_routing

I cannot get a remote access policy that grants remote
access based on a "windows group" to work properly. The
windows group contains computer accounts only.

I'm logging in with a user account that has RAS
permissions set to "allow" on that account. The computer
account I'm using has RAS permissions set to "control
through ras policy".

I've tested this a number of ways and I've been
unsuccessful at getting any remote access policy that is
based off of "windows group" membership containing
computer accounts only.

Any ideas or tips? Thanks!

It's a PPTP implementation.
 
Back
Top