Re: Routing and Remote Access
From: Jan (bril_at_ja.nt)
Date: 12/14/04
- Next message: Paul Adare - MVP - Microsoft Virtual PC: "Re: Who issued the certificate"
- Previous message: CiD: "Changing vpn port to 5631"
- In reply to: Steven L Umbach: "Re: Routing and Remote Access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 14 Dec 2004 09:28:40 +0100
Thanks for the input! I have enough options to check. I hope it will solve
the problem.
Regards
Jan
"Steven L Umbach" <n9rou@nospam-comcast.net> schreef in bericht
news:eJJrPmY4EHA.2156@TK2MSFTNGP10.phx.gbl...
> Doesn't know what changes? - Yikes.
>
> First thing I would try is to logon to the server as local administrator
> [not domain users] assuming it is not a domain controller. If that works,
> then you have some user configuration Group Policy applied to you from the
> domain/OU. If it still does not work, it could be a Local Group Policy
> setting via gpedit.msc. Using the gpresult user tool will show what Group
> Policies are applied to a user and computer and the last time the policy
> was applied. The /v switch will give much more detail. If you are using
> Windows 2003 or have an XP Pro computer in a W2K domain you can use the
> Group Policy management Console and RSOP in the logging mode to find
> exactly what policy settings are applying to a user on a particular
> computer and the source GPO. You can download GPMC at the link below if
> you are not using it already. All or particular Management Consoles can be
> denied to a domain user and that also can apply to domain administrators
> if the GPO applies to all users.
>
> http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
>
> Also check that you have property ntfs permissions to the mmc.exe file. As
> far as security policy if you are having problem accessing a Remote Access
> server while logged onto it you may be lacking privileges. You can enable
> auditing of privileges for failure on the server itself and view the
> security log for failure for privilege use. You can modify user right
> assignments in the appropriate security policy under security
> settings/local policies/user rights. If you can not access a remote server
> from the Remote Access Management Console it could be an incompatible
> security option and/or lack of privilege. If still having difficulties use
> the Security Configuration and Analysis mmc snapin on the Remote Access
> Server and run it against the setup security.inf template to see where the
> local applied policy settings differs from the setup security.inf . In
> particular look at user rights, security options [ additional restrictions
> for anonymous connections, lan manger authentication level, or any setting
> with "always" in it and enabled are possibly very suspect] , and services
> as differences in those categories could be your problem. Also verify that
> the remote registry service is running on your Remote Access servers. ---
> Steve
>
>
>
> "Jan" <bril@ja.nt> wrote in message
> news:ewhbJAQ4EHA.3840@tk2msftngp13.phx.gbl...
>>A while ago whe had a security audit on our windows servers. As a result
>>of that my collegue applied a lot of changes in the Group Polcies. Today I
>>found out that some of these changes affect Routing and Remote access.
>>When I start the management console for RAS I get an error "access
>>denied". My collegue doesn't know which of the changes he made affect RAS.
>>I think it has something to do with the local security policy. Can someone
>>help me? If you need more info, tell me!
>>
>
>
- Next message: Paul Adare - MVP - Microsoft Virtual PC: "Re: Who issued the certificate"
- Previous message: CiD: "Changing vpn port to 5631"
- In reply to: Steven L Umbach: "Re: Routing and Remote Access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
