How To Use Remote Access Policies To Control Remote Access

By Author: Elizabeth
Total Articles: 286
Comment this article

To examine the remote access policies, open the Routing and Remote Access console and expand the CompTIA A+ Essentials server container. Select the Remote Access Policy to view in the detail pane the policies that have been configured. Figure 10-7 shows the two default policies: one specifies Microsoft-specific access, and the other covers all attempts by defining a schedule of 7 days a week/24 hours a day. To review any remote access pol?icy, double-click the policy in the details pane. Figure 10-8 shows the property pages of the default policy. To configure access, you create new remote access policies. When a connection is attempted, remote access policy conditions, remote access pro?files, and user account dial-in properties are evaluated. Many remote access policies are used only by IAS.
Conditions Used by RRAS and IAS
Table 10-1 lists and describes the conditions that can be set in a remote access policy used when Windows authentication is selected and therefore the remote access policies are evaluated by the RRAS server.
User Account Dial-in Is Not Evaluated ...
... When RADIUS authentication is selected (an IAS server will be used) and the IAS Ignore-User-Dialin-Properties attribute is set to true, the following process is used to evaluate a connection attempt.
1.The connection attempt is compared to the first comptia security+ remote access policy's conditions. By default, a remote access policy permits connection at any time of day or on any day of the week. (If no remote access policies exist, the connection is rejected.)
2.If the connection attempt meets the remote access policy conditions, the value of the Ignore-User-Dialin-Properties attribute (which is set in the profile of the policy) is checked. For this procedure, it is set to true.
a.The remote access policy permission is checked. If it is Allow, then continue.If it is Deny, the connection is rejected.
b.The remote access policy profile constraints are evaluated. If the connection settings in the policy profile all match, the connection is allowed. If the connection settings in the policy profile do not all match, the connection is rejected.
3.If the connection attempt does not match all of a remote access policy's conditions, the next remote access policy is evaluated.
4.If no remote access policy matches the connection attempt, then the connection attempt is rejected.If the connection is allowed, then it is constrained by the profile setting in the remote A+ Exams access policy.