Hi, I have set up a Server 2008 R2 with RRAS & NPS (for VPN) in my domain. The firewall has been configured to forward the relevant VPN port to this VPN server.
I have the following Network Policies, in order (the second and third are created by default):
- Allow VPN for my test group - Enabled - Grant Access - Source: Remote Access Server (VPN-Dial up) - Conditions: MYDOMAIN\My_VPN_Users Group
- Connections to Microsoft Routing and Remote Access server - Enabled - Grant Access - Source: Remote Access Server (VPN-Dial up) - Conditions: MS-RAS Vendor ID ^311$
- Connections to other access servers - Enabled - Grant Access - Source: Remote Access Server (VPN-Dial up) - Conditions: Day and time restrictions (Sunday-Monday)
The problem is that currently all users are able to connect via VPN to the network. What do I need to do so that only members of the My_VPN_Users group can connect via VPN? I would like to Deny Access to all other domain users & administrators to connect via VPN.
Some new network policy is only taking effect after restarting the server; is this by default? Restarting the RRAS service didn't help either. I cannot find the Network Policy Server services; is there any way to restart the NPS services without restarting the server?
Your help will be much appreciated, thank you.