RAS Policy: Computer Authentication w/Windows Group

R

Rich

I cannot get a remote access policy that grants remote
access based on a "windows group" to work properly. The
windows group contains computer accounts only.

I'm logging in with a user account that has RAS
permissions set to "allow" on that account. The computer
account I'm using has RAS permissions set to "control
through ras policy".

I've tested this a number of ways and I've been
unsuccessful at getting any remote access policy that is
based off of "windows group" membership containing
computer accounts only.

Any ideas or tips? Thanks!

It's a PPTP implementation.
 
B

Bill Grant

I doubt if that will work. When you make a VPN connection, you do so using
a username/password. This is used to authenticate you as having permission
to use VPN. So you will need to use a group of user accounts, not computer
accounts.
 
B

Bob Qin [MSFT]

Hi Rich,

Thanks for your posting here and thanks for Bill's great reply.

The Remote Access Policy is for user permissisons, so you need to assign to
user accounts or groups including user accounts.

More information, you can refer to the following document.

313082 How To Enforce a Remote Access Security Policy in Windows 2000
http://support.microsoft.com/?id=313082

Have a nice day!

Regards,
Bob Qin
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: "Rich" <[email protected]>
Subject: RAS Policy: Computer Authentication w/Windows Group
Date: Tue, 2 Nov 2004 09:18:34 -0800
Newsgroups: microsoft.public.win2000.ras_routing

I cannot get a remote access policy that grants remote
access based on a "windows group" to work properly. The
windows group contains computer accounts only.

I'm logging in with a user account that has RAS
permissions set to "allow" on that account. The computer
account I'm using has RAS permissions set to "control
through ras policy".

I've tested this a number of ways and I've been
unsuccessful at getting any remote access policy that is
based off of "windows group" membership containing
computer accounts only.

Any ideas or tips? Thanks!

It's a PPTP implementation.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

RAS log fields 2
RAS Windows 2003 SBS State "Access is denied" 0
Does RAS log IP Address Pool Assignments to usernames and where??? 0
Corporate Network - Forcing a RAS client to only access a Terminal Server 8
RAS Server 2000 and AD 2003 1
RAS authentication problem 5
RAS authentication error 619 Issue 1
Same Authentication for Multiple RAS Servers 1

Top