none
How to grant privileges for users domain conect to VPN server?

    Question

  • Hi everyone,

       My system used to AD Windows server 2008 to manage. Current, i want to grant privileges for users domain can connect VPN but i can't. It notify error:

    NOTE: FlushIpNetTable failed on interface [12]{49D27953-...} (status=5): Access is denied
    .....
    ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=12]
    ..

     Althought, I added users into Configuration Network Group and create GPO allow access Network Connection.

    Please, help me!

    Thanks,

    Friday, October 30, 2015 2:22 AM

Answers

  • Hi,

    VPN connection is set by NPS remote access network policy on NPS server instead of GP in active directory.

    If you want to manage authorization by using group accounts, then you must set the network access permission on your user accounts. You can configure this setting for your user accounts by using Group Policy. Place the user accounts that are to be granted remote access permissions into a group account that you create in Active Directory. But you can use NPS to disable the processing of dial-in properties for user and computer accounts in other scenarios (such as wireless and authenticating switch). To do this, configure the Ignore user account dial-in properties setting on the Overview tab of the policy settings for a remote access network policy.

    For more information about NPS remote access network policy, please refer to the article below.

    https://technet.microsoft.com/en-us/library/ff687703%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Best Regards,

    Jay

    Friday, October 30, 2015 9:08 AM
    Moderator