Herb Martin
Guest
|
 Posted:
Thu Nov 10, 2005 9:51 am Post subject:
Re: remote access permission -- |
|
|
"ray" <ray@discussions.microsoft.com> wrote in message
news:653B5BD2-70DF-4D65-9D8E-976517E26361@microsoft.com...
| Quote: | I have a client with 500 users and we need to search active directory for
the
value of the remote access permission (so that they can monitor who has
allow
and who has deny access). I am unable to find a way to do this. I have
tried dumping active directory via csvde.ex and ldifde.exe and perfroming
a
search for the msNPAllowDialin property without success...
1) how can we search AD for the status of users remote access permission
|
DSQuery perhaps? (try /help)
ADSI script? (Or ldap) Search Microsoft for "ADSI script-o-matic" if you
need initial help with scripts....
| Quote: | 2) is there a way to set the remote access permission to allow/deny using
GPO -- if not, how would we do this (like maybe allow the right depending
on
a group membership...)
|
1) Set all users to "control access through policy" (using AD Users and
Computers).
Domain must be in "native or Win2003 server native mode".
(Multiple selection works for this, so many users can be set in GUI at
once or
use a script...)
2) Use an RRAS policy based on Group membership (RRAS Polices in the RRAS
MMC)
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site] |
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in