Configure a Network Policy to Grant or Deny Access

Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Network policies are used by Network Policy Server (NPS) and the Routing and Remote Access service to authorize connection requests.

Network policies contain overview properties that designate how the policy is to be used and interpreted. Access Permission allows you to configure whether user account dial-in properties in Active Directory® Domain Services (AD DS) are used to perform authorization. It also provides two possible network access values:

  • Grant access . If selected, connection requests whose properties match the conditions and constraints of the network policy are granted.

  • Deny access . If selected, connection requests whose properties match the conditions of the network policy are denied.

Note

By default, network policies created with the New Network Policy wizard are configured to deny access. Therefore, Access Permission must be changed after running the wizard in order for the policy to grant access rather than deny access to the network.

Membership in Domain Admins , or equivalent, is the minimum required to complete this procedure.

To configure a network policy to grant or deny access

  1. Open the NPS console, double-click Policies , and then double-click Network Policies .

  2. In the details pane, double-click the network policy that you want to configure.

  3. In the network policy Properties dialog box, on the Overview tab, change Access Permission to either Grant access or Deny access .

See Also

Concepts

Access Permission