Running IAS on 2003 R2 and have a question on dial-in/VPN access to IAS. All of the users in my AD tree have the setting under dial-in "control access through remote access policy" enabled by default. This would effectively allow all users access via VPN to the IAS server and network. Is there a way to enable a policy that says "Allow access if dial-in permission is enabled" for the users attempting to connect to the IAS server? I see reference to this setting for server 2000 but not 2003. Also is there a way to globally change the setting "control access through remote access policy" for all users to deny access? Any help would be appreciated. Thanks

Hi,As far as I know, there is no "Allow access if dial-in permission is enabled" policy. However, You can setup two security group and create a IAS policy to allow/block access of these groups. Just move users to according groups to give them access rights or block their access. Creating security groups for IAS is also the workaround for "control access through remote access policy". Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.