Allow dial-up connection using group membership
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Allow dial-up connection using group membership
In this example, the network administrator is managing authorization by using groups. All user accounts have the Remote Access Permission (Dial-in or VPN) option set to Control access through Remote Access Policy.
The network administrator wants to allow dial-up connections for only those user accounts that belong to a specific set of groups. After remote access permission is set for all user accounts, the administrator completes the following steps:
Use the New Remote Access Policy Wizard to create a common dial-up policy with the following settings:
Policy name: Dial-up access for allowed groups
Access Method: Dial-up access
User or Group: Select Group, and then specify the set of groups for which dial-up access is allowed.
Authentication methods: Select Microsoft Encrypted Authentication version 2 (MS-CHAP v2) and Microsoft Encrypted Authentication.
Policy Encryption Level: Select all check boxes.
For more information, see Add a remote access policy.
Delete the default policies.
For more information, see Delete a remote access policy.
Notes
It is not necessary to have a separate remote access policy for each group. You can specify multiple groups or you can use nested groups to both delegate administration of and consolidate group membership. For a remote access or IAS server in a Windows 2000 native domain or a Windows Server 2003 domain, you can use universal groups. For more information, see Domain and forest functionality.
You cannot use built-in or local domain groups when specifying group names.