Question on RRAS in Windows Server 2012R2

Hello!

Can anybody post a link to a document explaining the priority between the Dial-In permissions available on a user account's Dial-In tab in AD?

I mean should a VPN server look into the NPS network policy - for example, for User2 - if that User2 has itsDial-In permission explicitly set for Allow access?

In my test network no user can get access untill he/she complies with the NPS network policy:

In Windows 2000/2003 (maybe in 2008 too - I don't remember) setting a user's Dial-In permission to Allow access meant the network policy should NOT be checked at all - has this behaviour changed in Windows Server 2012R2?

Thank you in advance,

Michael

June 18th, 2015 11:10am
Hi,

Policies are evaluated as follows:
match the conditions of the policy to the conditions of the attempted connection.
check the user accounts dial-in permissions.
apply the settings in the policys profile to the incoming connection.

Default policy will be created(enabled) when Routing and Remote Access/Network Policy Server is installed. Different OS version may has different default policy, you may check it first.  

Best Regards,
Eve Wang                                                                                                                                
Free Windows Admin Tool Kit Click here and download it now
June 19th, 2015 11:05pm

Hi Eve,

Thank you for the reply!

"Default policy will be created(enabled) when Routing and Remote Access/Network Policy Server is installed." - in RRAS 2012R2 NO NPS policy is enabled by default.

"match the conditions of the policy to the conditions of the attempted connection.
check the user accounts dial-in permissions.
apply the settings in the policys profile to the incoming connection." - seems that's true in Server 2012R2, but in Windows 2000 Server that was not: enabling the Allow Access Dial-In permission alone was enough for getting acess regardless of "match the conditions of the policy to the conditions of the attempted connection." It is strange for me that I can't find corresponding information on Windows Server 2012R2/RRAS on technet/msdn...  

 

June 20th, 2015 4:32am
Hi,

I havent find detailed official document on Microsoft website about WS 2012/2012 R2. In general, some document applied to previous OS version(WS 2008) might be also applied to WS 2012/2012 R2. And also, earlier version such as WS 2000, there might be some difference.

Best Regards,
Eve Wang
Free Windows Admin Tool Kit Click here and download it now
June 23rd, 2015 3:01am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics