Information Technology Reference
In-Depth Information
8.
Select the appropriate radio button to either grant or deny remote access to the user if
the connection matches the specified criteria.
9.
Click the Edit button to edit the dial-in profile. (The settings are the same as described
in Recipe 4-9, “Creating Remote Access Policies,” in step 5 of the instructions for creating
a custom policy.)
10.
Click the OK button when complete.
To prioritize one policy over another, follow these steps:
1.
Expand the server tree in the left pane.
2.
Right-click the Remote Access Policies node in the left pane.
3.
Right-click the policy in the right pane that you want to prioritize, and select the option
to either Move Up or Move Down with respect to other policies.
How It Works
The policy with the lowest order number is processed before those with higher numbers. Once
a connection request meets the criteria specified by a policy, the connection is either allowed
or denied based on the configuration of that policy; subsequent policies are not processed.
Because of this, it is important to consider the order in which policies are applied so that you
do not inadvertently allow or deny someone remote access inappropriately.
If the connection request does not meet the criteria of any of the policies, the request will
be denied.
See Also
Microsoft KB 816522: “How to Create and Enforce a Remote Access Security Policy in Windows
Server 2003.” This article provides additional information relating to the enforcement of
remote access security policies in a Windows Server 2003-based native-mode domain.
4-11. Managing User-Specific Permissions and Settings
Problem
You want to control the method by which user accounts are granted or denied remote access
connectivity.
Solution
Using a Graphical User Interface
1.
Start the Active Directory Users and Computers administrative console
from the Administrative Tools folder in the Start menu, or directly from
%systemroot%\system32\dsa.msc
.
