How Remote Access Policies Work

To design remote access policies, you must understand how MCSE 2003 exams work. Connection attempts can be made via wired or wireless connections. They can arrive via the Internet, the WAN, a dial-up connection, and a direct connection to a carrier or ISP. When the connection reaches the remote access server, remote access policies are processed to determine whether the connection should be accepted or rejected. The decision is based on a combination of remote access policy conditions, permission, and profile constraints as well as the settings on the user account dial-in property page. An excep?tion to this process is new in Windows Server 2003 when IAS is used as the authenti?cation provider. The exception hinges on the value of the remote access policy profile. The advanced page attribute Ignore-User-Dialin-Properties is set to false (the default) or true, as indicated in Figure 10-5. This attribute is not evaluated until the connection attempt has met the remote access policy conditions; however, it can make a significant difference in policy processing. Ignoring user account settings is important if a setting there might interfere with the connection (for example, if a wireless access point cannot be dialed like a phone line, yet a user's account setting can specify that call-back should be used). This attribute can also be used to configure remote access policies for authentication switches, another component that cannot be "dialed." Two procedures that explain remote access policy evaluation follow.
Exam Tip If all remote access policy conditions are not met by the connection attempt, the next remote access policy is evaluated. Remote access policy profile constraints and user account dial-in properties are evaluated only if remote Free practice exams for MCTS access policy conditions are met.
1.The connection attempt is compared to the first remote access policy conditions.By default, a remote access policy permits connection at any time of day or on any day of the week. (If no remote access policies exist, the connection is rejected.)
2.If the connection attempt meets the remote access policy conditions, the value of the Ignore-User-Dialin-Properties attribute (which is set in the profile of the policy) is checked. For this procedure, it is set to false.
a.The remote access setting of the user account is checked.
b.If the user account setting is Grant, then continue. The remote access policy profile connection settings and the user account settings are applied. If the
connection settings do not match, the connection is rejected; if they match,the connection is accepted.
c.If the user account setting is Deny, the connection attempt is rejected.
d.If the user account setting is neither Allow nor Deny, it is set to Control Access Through Remote Access Policy. The remote access permission setting of the policy CCNA exam is checked. If it is Deny, the connection is rejected. If it is allow,then continue.