Configure User Accounts and Groups

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To configure user accounts and groups, do the following:

1. Ensure that all users that are making remote access connections have a corresponding user account.

2. Set the remote access permission on user accounts to Grant access or Deny access to manage network access by user. Or, to manage network access by group, set the remote access permission on user accounts to Control access through Remote Access Policy.

3. Organize remote access users into the appropriate universal and nested groups in order to take advantage of group-based remote access policies.

4. If you are using CHAP, enable support for reversibly encrypted passwords in the appropriate domains. You can configure reversibly encrypted passwords by using Group Policy. For more information, see "Enable reversibly encrypted passwords in a domain" in Help and Support Center for Windows Server 2003.

5. If you are using certificate-based authentication, configure the domain in which IAS server computers will be members for the auto-enrollment of certificates. With Windows Server 2003, you can auto-enroll both user and computer certificates.

For more information about configuring user accounts for IAS, see "Dial-up and VPN remote access" in Help and Support Center for Windows Server 2003.

For more information about reversibly encrypted passwords, see "Enable reversibly encrypted passwords in a domain" in Help and Support Center for Windows Server 2003.