Configuring Remote Access Policies

After creating your IAS clients, to set the appropriate access permissions and add the required security settings, you need to define the remote access policies for each client.

To configure remote access policies

  1. On TESTSERVER, from Administrative Tools, open Internet Authentication Service.

  2. On the console tree, right-click the Remote Access Policies node, and then choose New Remote Access Policy.

    The Add Remote Access Policy Wizard starts.

  3. In the Policy friendly name field, type EAP-TLS Authentication, and then choose Next.

  4. On the Conditions page, choose Add.

    The Select Attribute dialog box appears.

  5. From the Attribute types list, choose the Windows-Groups attribute, and then choose Add.

  6. In the Groups dialog box, choose Add.

    A list of available groups appears.

  7. In the Select Groups dialog box, choose the EAP-TLS group, and then choose Add.

  8. Choose OK, and then choose OK again.

    Note   If you have correctly added the attribute for your policy, you will now see Windows-Groups matches "TESTSERVER\EAP-TLS" in the Conditions field for your policy.

  9. Choose Next.

  10. On the Permissions page, choose Grant remote accesspermission, and then choose Next.

  11. On the User Profile page, choose Edit Profile.

    The Edit Dial-in Profile dialog box appears.

  12. Choose the Authentication tab, select the Extensible Authentication Protocol checkbox, and then clear all checkboxes on the page.

  13. Under Select the EAP type which is acceptable for this policy, select Smart Card or other certificate.

  14. To close the Edit Profile dialog box, choose OK.

  15. When the Dial-in Settings dialog box appears, choose No.

  16. On the User Profile page, to complete the Add Remote Access Policy Wizard, choose Finish.

  17. On the console tree, choose the Remote Access Policies node, and then right-click the default remote access policy. This policy should be on the top of the policy list.

  18. Choose Delete.

  19. In the Delete Policy dialog box, choose Yes.

For more information about how to configure IAS clients, see the topic titled, "Checklist: Configuring IAS for dial-up and VPN access" in the Windows 2000 Server Help.

See Also

How to Set Up an 802.1x Network and Connect to It with a CEPC

Last updated on Wednesday, April 13, 2005

© 2005 Microsoft Corporation. All rights reserved.