How can I set a remote access policy / gpo to deny RAS VPN access to a particular OU?


In the VPN settings in RRAS, you can change the policy to check that users are a member of a domain security group. Then you can simply add users and groups to give access. Everyone else is denied.

OUs are organisational units. Security groups allow access to resources. They serve different purposes. Sometimes it would be nice to treat OUs and groups the same, but they aren't, and it usually means that you are using them in a way that isn't as MS intended (which usually causes other problems later).

I'm not in front of an RRAS server so I can't detail the exact options, but I'll update this answer later if nobody else comes up with the steps.

Addn: Create a security group. Make sure users have 'Control access through Remote Access Policy' option selected on their Dial-in tab in Users and Computers. In Routing and Remote Access add a new remote access policy, and add to that conditions NAS-Port-Type matches 'Virtual (VPN)' to apply this to VPN connections and Windows-Groups matches 'DOMAIN\Group' substituting your domain and the new group.
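The steps above are clicked through in Users and Computers and the RRAS console. The script below is an added example, not part of the original answer, that does the Active Directory half from PowerShell for an OU layout like the one in the question: it creates the security group the policy's Windows-Groups condition refers to, fills it from the user OU only (so the service-account OU is excluded by construction), makes sure no account carries an explicit dial-in "Allow" that would override the policy's grant/deny decision, and then audits the service-account OU. It assumes the ActiveDirectory module (RSAT) and a domain far newer than Windows 2000; the group name VPN-Users, the OU names and the domain DN are constructed placeholders. The remote access policy itself (NAS-Port-Type and Windows-Groups conditions) is still created in the RRAS console as described.

```powershell
# Added example (not from the original answer): build the RRAS allow group from
# an OU layout like the one in the question, and verify that no service account
# can still reach the VPN. Group name, OU paths and domain DN are placeholders.
Import-Module ActiveDirectory

$DomainDN     = 'DC=mydomain,DC=local'          # placeholder domain
$UsersOU      = "OU=MyUsers,$DomainDN"          # accounts that may use the VPN
$ServiceOU    = "OU=MyServiceAccts,$DomainDN"   # accounts that must never use it
$VpnGroupName = 'VPN-Users'                     # matched by the Windows-Groups condition

# 1. Create the security group the remote access policy will match on.
if (-not (Get-ADGroup -Filter "Name -eq '$VpnGroupName'")) {
    New-ADGroup -Name $VpnGroupName -GroupScope Global -GroupCategory Security `
                -Path $UsersOU -Description 'Members may connect through RRAS VPN'
}

# 2. Populate it from the user OU only. Service accounts live in a different OU
#    and are never added, which is how "deny by OU" is expressed as group membership.
$allowed = Get-ADUser -SearchBase $UsersOU -Filter 'Enabled -eq $true'
if ($allowed) {
    Add-ADGroupMember -Identity $VpnGroupName -Members $allowed
}

# 3. Keep every account on "Control access through Remote Access Policy".
#    In AD that is the msNPAllowDialin attribute being absent. An explicit True
#    ("Allow access") overrides the policy's grant/deny permission, so clear it;
#    an explicit False ("Deny access") is left alone because it only tightens things.
Get-ADUser -SearchBase $DomainDN -Filter * -Properties msNPAllowDialin |
    Where-Object { $_.msNPAllowDialin -eq $true } |
    ForEach-Object {
        Write-Host "Clearing explicit dial-in Allow on $($_.SamAccountName)"
        Set-ADUser -Identity $_ -Clear msNPAllowDialin
    }

# 4. Audit: list any service account that could still reach the VPN, either through
#    an explicit Allow or because it ended up in the group (directly or via nesting).
$members = @(Get-ADGroupMember -Identity $VpnGroupName -Recursive | ForEach-Object { $_.distinguishedName })
Get-ADUser -SearchBase $ServiceOU -Filter * -Properties msNPAllowDialin |
    Where-Object { $_.msNPAllowDialin -eq $true -or $members -contains $_.DistinguishedName } |
    Select-Object SamAccountName, DistinguishedName, msNPAllowDialin
```

Run it as an account that can create groups and edit user attributes; the final query should return nothing once the policy setup is complete. Re-running it after each review of the OUs is a cheap way to catch a service account that was granted "Allow access" by hand or added to the VPN group through a nested group.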


Updated on September 17, 2022

Comments

  • Admin
    Admin over 1 year

    On my Windows 2000 Native domain, I want to prevent service accounts from being able to connect via our MS VPN. (Via a Win2000 RAS server.)

    Say my AD structure is like this:

    • MyDomain
      • MyUsers
      • MyServiceAccts

    I want to have AD users in the MyServiceAccts OU, but don't want them to be able to connect to the VPN.

    My Remote Access Policy is set to "Allow Access If Dial-In Permission Is Allowed", and all my user accounts have "Control access through remote access policy" set.

    I can see how to restrict it by user group, but not by OU.

    Any ideas?

    Cheers,

    Ben

  • bkirkbri
    bkirkbri about 12 years
    Still waiting on those steps :)