Last post Aug 04, 2009 09:41 AM by jayv
Jul 24, 2009 11:42 AM|jayv|LINK
Does anyone know if it is even possible to programatically set dial-in permissions? When using System.DirectoryServices.AccountManagement, there does not seem to be a property or method relating to remote access permissions. My users are
being created with this set to "deny access" by default. I need it set to "allow access". If this can not be done programatically, can it perhaps be set at the group level via some policy or something? Thanks.
Jul 25, 2009 03:54 AM|abhilashca|LINK
As fas a I understood, do you mean that you need tp dial a connection to a remote server? Is that so? Then there is a built-in exe in Windows named
rasdial.exe through which we can connect/disconnect to/from a remote server.
For connecting you can use it as:
rasdial [connection_name] [username] [password]
rasdial [connection_name] /disconnect
Sorry, if I guessed too wild.
Jul 28, 2009 08:47 AM|raghu1|LINK
I could be wrong here but there is an AD attribute: msnpallowdialin. You might have to set the value of this to true.
What is the purpose. Normally there should be an AD group ane members of this group can dial-in/VPN-into the network.
Aug 04, 2009 09:41 AM|jayv|LINK
Actually, i figured it out, but thanks for having a go at it. The dialin permissions are a tab within AD. The reason my accounts were being defaulted to "denied" is because the AD was set to mixed mode - and because NT doesnt support it, it was greyed
out. I just promoted the AD to windows 2003, and the default for that is to use the policy which works just fine because my IAS policy allowed ras. Anyway, in short, the answer was to use AD in windows 2000, or windows 2003 mode, and not mixed mode.