Share via


Allow dial-up connection using group membership

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Allow dial-up connection using group membership

In this example, the network administrator is managing authorization by using groups. All user accounts have the Remote Access Permission (Dial-in or VPN) option set to Control access through Remote Access Policy.

The network administrator wants to allow dial-up connections for only those user accounts that belong to a specific set of groups. After remote access permission is set for all user accounts, the administrator completes the following steps:

  1. Use the New Remote Access Policy Wizard to create a common dial-up policy with the following settings:

    • Policy name: Dial-up access for allowed groups

    • Access Method: Dial-up access

    • User or Group: Select Group, and then specify the set of groups for which dial-up access is allowed.

    • Authentication methods: Select Microsoft Encrypted Authentication version 2 (MS-CHAP v2) and Microsoft Encrypted Authentication.

    • Policy Encryption Level: Select all check boxes.

      For more information, see Add a remote access policy.

  2. Delete the default policies.

    For more information, see Delete a remote access policy.

Notes

  • It is not necessary to have a separate remote access policy for each group. You can specify multiple groups or you can use nested groups to both delegate administration of and consolidate group membership. For a remote access or IAS server in a Windows 2000 native domain or a Windows Server 2003 domain, you can use universal groups. For more information, see Domain and forest functionality.

  • You cannot use built-in or local domain groups when specifying group names.