Information Technology Reference
In-Depth Information
10.
Click OK when you've configured the remote access profile.
11.
Click Next to continue.
12.
Click Finish to create the new policy.
13.
If there are multiple policies configured for the IAS server, right-click the policy and
click Move Up or Move Down as necessary to place it in the correct processing order.
How It Works
The IAS MMC snap-in allows you to create remote access policies that are nearly identical to
those created for the RAS. You can configure remote access policies for RADIUS clients that are
connecting directly to the IAS server. These policies will establish a specific set of conditions
under which remote clients will (or will not) be permitted to connect to the server. You can
configure remote access policies to allow or disallow client connections based on a number of
conditions, including the type of authentication used by the remote client, the IP address of the
remote client, the day and time of the connection attempt, and many others. You can configure
multiple remote access policies to create extremely granular connection rules, such as the
following:
Disallow any client that does not connect using strong encryption.
Allow members of the VicePresident security group to connect to the RAS server at any
time of day.
Disallow members of the Contractors security group to connect any time other than
Monday through Friday 9 a.m. to 6 p.m.
An RAS or IAS server will evaluate all remote access policies in order; the server will stop as
soon as it finds a matching policy.
See Also
Recipe 5-16 for more on configuring remote access policies
Microsoft KB 816522: “How to Enforce a Remote Access Security Policy in Windows
Server 2003”
6-8. Re-creating the Default Remote Access Policy
Problem
You want to re-create the default remote access policy for an IAS server. The default remote
access policy will deny all incoming remote access connection attempts.
Solution
1.
Open the IAS MMC snap-in.
2.
Right-click Remote Access Policies and select New Remote Access Policy.
