Grant remote access per user

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

In this example, the network administrator wants to maintain the same administrative model as used in Windows NT 4.0. Dial-in access is granted on a per-user basis by modifying the remote access permission setting of the user account dial-in properties. The remote access permission is set to either Allow access or Deny access. This is the default behavior for remote access policies.

You can create a policy named "Allow access if dial-in permission is enabled". The settings on this policy are configured as follows:

  • A single condition that consists of the Day-And-Time-Restrictions attribute is set for all times on all days.

  • The Deny remote access permission option is selected.

  • The profile is set to the default settings.

When a user attempts a remote access connection, the following logic is used to accept or reject the attempt (assuming that the default settings are set for all the other user account dial-in properties):

  1. The policy "Allow access if dial-in permission is enabled" is evaluated.

  2. The settings of the connection attempt match the conditions of the policy (the connection attempt occurs on any day or at any time).

  3. On the user account, the setting in Remote Access Permission (Dial-in or VPN) is evaluated.

    • If Allow access is selected, the connection is accepted, subject to the settings of the user account dial-in and profile properties.

    • If Deny access is selected, the connection is rejected.