plain tutorials

7/29/2019 Plain Tutorials

1/8

Articles from Plain Tutorials

Install and configure Routing and Remote Access onWindows Server 2008 R22012-07-24 10:07:56 Hao Nguyen

Configure Network PoliciesThe last step of configuring a VPN server on Windows Server 2008 R2 is to define adial-in group. This is a normal Global-Security Windows Group. Members of thisgroup are allowed to connect to the VPN server. This method is to simplify theprocess of controlling remote access users. You only need to add the user accountto this group, and he has remote access permission.

1. I will create a global security group on my domain and name it as VPN Users.Some quick screenshot for this stepRight click on the appropriate container,select New --> Group.

Type in the Group Name as VPN Users, group scope as Global and Group

type as Security.
http://www.plaintutorials.com/wp-content/uploads/2012/07/baiviet000128.pnghttp://www.plaintutorials.com/install-and-configure-routing-and-remote-access-on-windows-server-2008-r2/http://www.plaintutorials.com/wp-content/uploads/2012/07/baiviet000128.pnghttp://www.plaintutorials.com/install-and-configure-routing-and-remote-access-on-windows-server-2008-r2/http://www.plaintutorials.com/


2/8

ClickOKto finish this step. Add accounts to this group as members. I will add myaccount haomnguyen and Administrator to this group. Here is the screenshotof my VPN Users group.

2. Next step is to configure the Remote Access Policy for the RRAS server. InWindows 2008 R2, Remote Access is controlled by Network Policy Service

(NPS). Right click on Remote Access Logging & Policies, select LaunchNPS.
http://www.plaintutorials.com/wp-content/uploads/2012/07/baiviet000130.pnghttp://www.plaintutorials.com/wp-content/uploads/2012/07/baiviet000129.png


3/8

3. Network Policy Server console appears, select Network Policies section on

the left hand side. You should see two default policies, just don't touch it. Weneed to create a new policy that allows our group VPN Users to access todial-in.

4. Right click on Network Policies, select New

5. Type in the policy name, anything works. I typed in Allow VPN Users group.Leave the rest as default


4/8

6. Click Next7. Click Add on the Specify Conditions dialog to add new condition. There are

plenty of conditions that NPS supports, but I just need Windows Groups(support both users and computers account as members) condition in thiscase.

8. Select Windows Groups and click Add...

9. Click Add Groups and browse to select VPN Usersgroup that you just


5/8

created.10. Click OK to back to Specify Conditions main screen. One condition works fine

for me in this case.11. Click Next to define the action for those clients/users that match the previousconditions. Select Access grantedbecause I want those members of VPNUsers group to have VPN access.

12. Click Next to select Authentication Method step13. Leave everything as default


6/8

14. Click Next to configure Constraints.15. You might want to configure some options here, such as Idle Timeout and

Session Timeout. I won't enable these settings on my server, just leave it asdefault.
http://www.plaintutorials.com/wp-content/uploads/2012/07/baiviet000137.png


7/8

16. Click Next17. Leave default settings for IP settings and encryption. Your VPN server works

well with all of these default configurations.

18. Click Next19. Click Finish

And now, you're back to the NPS main screen. You should see a new network policynamed Allow VPN Users group with a green check mark. To this step, your VPN is


8/8

working, and it will allow any members of VPN Users group to dial-in. Thoseconnected VPN Clients will have the IP in the range 192.168.200.0/24.

plain tutorials

Documents