FW_H_VPNUserAccess
To allow remote access for domain groups
In the console tree of ISA Server Management, click Virtual Private Networks (VPN).
In the details pane, click the VPN Clients tab.
On the Tasks tab, click Configure VPN Client Access.
On the Groups tab, click Add.
Type the names of users or groups that are allowed remote access to the ISA Server computer.
Note
To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
For ISA Server 2006 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand Array_Name, and then click Virtual Private Networks (VPN).
For ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Server_Name, and then click Virtual Private Networks (VPN).
Important
When you configure VPN users, you can only add the following local Windows built-in groups: HelpServicesGroup, IIS_WPG, TelnetClients. You cannot add other local built-in groups, such as Administrators, Backup Operators, or Power Users. These local groups are generic, and ISA Server cannot distinguish between local administrators and domain administrators.
In native-mode Active Directory domains, domain accounts have dial-in access controlled by Remote Access Policy by default. In non-native mode (mixed) Active Directory domains, you must enable dial-in access for each domain user account requiring VPN access. For each account, select Allow Access on the Dial-in tab.