| Author |
Remte access default
|
|
| adam salam 2003-07-22, 6:22 am |
| Is that true:
the default dial-in permissions in w2k domain Native Mode is "Control Access through Remote Access Policy".
coz I have went through that in some study guide and want to make sure.
I know that the default dial-in permissions in w2k server is at User level, means controlled from "Active directory users and computers", and Allow or Deny access as needed.
any help  | |
| Jonoplunk 2003-07-22, 6:35 am |
| Adam,
The MS site states that "The default Windows 2000 remote access policy is set to Allow access if dial-in permission is enabled".
As far as I understand, policy control is only possible in Native mode, if you are running a Mixed environment, you have to rely on the users individual settings. If Native you can set all the policies you want.
Here is the link that I used.
http://support.microsoft.com/defaul...kb;en-us;313082
Hope some of this helps. | |
| adam salam 2003-07-22, 7:13 am |
| quote:
Originally posted by Jonoplunk
Adam,
The MS site states that "The default Windows 2000 remote access policy is set to Allow access if dial-in permission is enabled".
As far as I understand, policy control is only possible in Native mode, if you are running a Mixed environment, you have to rely on the users individual settings. If Native you can set all the policies you want.
you are correct,
but what I mean here, is:
I know that the default dial-in permissions in w2k server is at User level, and not “Control Access through Remote Access Policy", more clear: when you right click a user from "Active directory users and computers" MMc, and choose Properties, on the Dial-up tab you find that “Deny Access” is checked, and you have the “Allow Access”, and “Control Access through Remote Access Policy” check boxes un checked.
And that’s mean "Control Access through Remote Access Policy" is not the default.
Anyone work in a multiple DC’s environment can tell? | |
| Jonoplunk 2003-07-22, 7:27 am |
| Right, I think I see where you are going with this then. Good point. I am in a mixed environment so I can't test this. Maybe you would have to create a group for the RAS users and then assign that group the RAS rights through a Remote Access Policy. It think that this is one of the advantages of using Remote Access Policies is that you can assign groups rights by using polcies and save having to set up each individuals dial in settings | |
| B4yaman3 2003-07-22, 4:48 pm |
| Adam the statement is True. Once your DC is in native mode it is set to "Control Access through Remote Access Policy". | |
| adam salam 2003-07-23, 3:55 am |
| quote:
Originally posted by B4yaman3
Adam the statement is True. Once your DC is in native mode it is set to "Control Access through Remote Access Policy".
thank you for the info.
I am using a home network for study, and didn't go through that before.
thank you very much. | |
| Ngittins 2003-07-25, 7:51 am |
| RRAS policy default:
DENY
Default MIXED Domain:
Allow access "Not Checked"
Deny Access "Checked"
Defauls NATIVE Domain:
Allow Acceess "Not Checked"
Deny Access "Not Checked"
Control Access through RAP "checked"
Leaving me to belive that access can only be controled by RAP. | |
| adam salam 2003-07-25, 8:30 am |
| quote:
Originally posted by Ngittins
RRAS policy default:
DENY
Default MIXED Domain:
Allow access "Not Checked"
Deny Access "Checked"
Defauls NATIVE Domain:
Allow Acceess "Not Checked"
Deny Access "Not Checked"
Control Access through RAP "checked"
Leaving me to belive that access can only be controled by RAP.
that's great explanation 
thank you | |
| nero64 2003-07-26, 9:31 am |
| MS 216 TK Pg 439
"It is possible to control user access to a RAS server using remote access policies only on a stand-alone win2k server or a native mode AD domain. You cannot use remote access policies on a mixed mode domain."
So even if you change the user to grant access in the dial up properties on a mixed mode DC you cannot use remote access policies to grant or deny the user access.
???
What are MS getting at with this statement.
Yes by default in mixed mode it is set to deny so using RAS policies won't make a difference, but when you change it to allow surely RAS policies can be configured then.
?????? Anyone with a comment. | |
| adam salam 2003-07-26, 1:14 pm |
| quote:
Originally posted by nero64
Yes by default in mixed mode it is set to deny so using RAS policies won't make a difference, but when you change it to allow surely RAS policies can be configured then.
?????? Anyone with a comment.
Hi Nero
in Mixed mode you can't use RAP, in thais case you don't have the option to [b]"Control Access through RAP"[/b.]
Only in Native mode you have that option use RAP.
hope that help | |
| nero64 2003-07-28, 1:31 am |
| Yes the option to control access through remote access policy is greyed in mixed mode but if you change it to grant access, then you can use RAP to allow or restrict a group or users.
Anyway that's my understanding. However i haven't configured it in the work force. | |
| adam salam 2003-07-28, 4:26 am |
| quote:
Originally posted by nero64
Yes the option to control access through remote access policy is greyed in mixed mode but if you change it to grant access, then you can use RAP to allow or restrict a group or users.
Anyway that's my understanding. However i haven't configured it in the work force.
You can't use RRAS RAP in Mixed-mode anyway. | |
| nero64 2003-07-28, 9:10 am |
| quote:
You can't use RRAS RAP in Mixed-mode anyway.
Why not? Is it because if you have NT servers they won't support it. Just say if you have only w2k servers and clients and are still running in mixed mode.
I remember posting a similar question about RAS policies in 215 forum and I went away thinking that RAP will work in mixed mode. | |
| jeff_j_black 2003-07-28, 9:59 am |
| On my mixed mode Win2k DC the option to use remote access policy for RRAS was grayed out, not available. So it would seem that you cannot use Remote Access Policy in Mixed Mode. | |
| adam salam 2003-07-28, 12:16 pm |
| quote:
Originally posted by nero64
Why not? Is it because if you have NT servers they won't support it. Just say if you have only w2k servers and clients and are still running in mixed mode.
I remember posting a similar question about RAS policies in 215 forum and I went away thinking that RAP will work in mixed mode.
Mixed and Native Modes do no thing with "Clients" it depend on "Servers".
mean you can have any kind of OS machins, w9x, NT,.... in Native-mode.
but if you have an NT PDC in the same domain, thus your working in Mixed-mode.
hope that help |
|
|
|