RAS - Upgrading to AD

[slackerboy]

For an Active Directory based server, you set the dial-in properties on the Dial-in tab on the user account in Active Directory Users and Computers. There are 3 options under Remote Access Permission: Allow Access, Deny Access, Control access through Remote Access Policy. The Control access through Remote Access Policy option is only available on user accounts in a Windows 2000 native-mode domain. Also, new accounts created in a Windows 2000 mixed mode domain are set to Deny access.

User accounts upgraded to Windows 2000 that were configured with dial-in permission enabled are set to Allow access.

I’m going to assume (in the event we can’t test this) that this works the same way it does now, first the user gets the Allow access, then it checks the Remote Access Policy on the RAS server. However, since we will be in mixed mode, and the Control access through Remote Access Policy is unavailable, does this mean it doesn’t check that and just allows or deny’s based on the dial-in permissions tab?

 

[ashpp]

Hmm not sure I understand the question here. The 3 options under the users ras permissions do exactly what they say they do!

If you deny, the user is denied (no others policies are checked), same with enabled. If they are controlled through RAS then it delegates security to that. Upgrading to AD will make no difference or changes.

And - Yes mixed mode means that the control through ras isn't available.

>However, since we will be in mixed mode, and the Control >access through Remote Access Policy is unavailable, does >this mean it doesn’t check that and just allows or deny’s >based on the dial-in permissions tab?

Yes.


Ash.