Configure NPS to Ignore User Account Dial-in Properties

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

Use this procedure to configure an NPS network policy to ignore the dial-in properties of user accounts in Active Directory during the authorization process. User accounts in Active Directory Users and Computers have dial-in properties that NPS evaluates during the authorization process unless the Network Access Permission property of the user account is set to Control access through NPS Network Policy.

There are two circumstances where you might want to configure NPS to ignore the dial-in properties of user accounts in Active Directory:

  • When you want to simplify NPS authorization by using network policy but not all of your user accounts have the Network Access Permission property set to Control access through NPS Network Policy. For example, some user accounts might have the Network Access Permission property of the user account set to Deny access or Allow access.

  • When other dial-in properties of user accounts are not applicable to the connection type configured in the network policy. For example, properties other than the Network Access Permission setting are applicable only to dial-in or VPN connections, but the network policy you are creating is for wireless or authenticating switch connections.

You can use this procedure to configure NPS to ignore user account dial-in properties. If a connection request matches a network policy in which the Ignore user account dial-in properties check box is selected, NPS does not use the dial-in properties of the user account to determine whether the user or computer is authorized to access the network; only the settings in the network policy are used to determine authorization.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group.

To configure NPS to ignore user account dial-in properties

  1. Click Start, click Administrative Tools, and then click Network Policy Server. The NPS console opens.

  2. Double-click Policies, click Network Policies, and then in the details pane double-click the policy that you want to configure.

  3. In the policy Properties dialog box, on the Overview tab, in Access Permission, select the Ignore user account dial-in properties check box, and then click OK.
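Before selecting the check box in step 3, it helps to know which accounts carry an explicit Allow access or Deny access setting, because a matching policy will stop evaluating that setting. The following is an added example, not part of the original procedure or Microsoft's code: the function name and sample accounts are constructed, and it assumes the Active Directory attributes msNPAllowDialin, msRADIUSFramedIPAddress, msRADIUSCallbackNumber, msRADIUSFramedRoute and msNPCallingStationID hold the dial-in properties.

```powershell
# Added example. msNPAllowDialin backs the Network Access Permission setting:
#   $true = Allow access, $false = Deny access,
#   not set = Control access through NPS Network Policy.
function Get-DialInPermissionSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    begin {
        # Other dial-in attributes, relevant only to dial-in or VPN connections.
        $otherAttrs = 'msRADIUSFramedIPAddress', 'msRADIUSCallbackNumber',
                      'msRADIUSFramedRoute', 'msNPCallingStationID'
    }
    process {
        $value = $User.msNPAllowDialin
        if ($null -eq $value) {
            $permission = 'Control access through NPS Network Policy'
        } elseif ([bool]$value) {
            $permission = 'Allow access'
        } else {
            $permission = 'Deny access'
        }
        # Keep only the attributes that actually hold a value on this account.
        $populated = @($otherAttrs | Where-Object {
            @($User.$_).Count -gt 0 -and $null -ne @($User.$_)[0]
        })
        [pscustomobject]@{
            SamAccountName          = $User.SamAccountName
            NetworkAccessPermission = $permission
            # True when an explicit Allow/Deny exists that the policy would no longer evaluate.
            ExplicitSettingIgnored  = ($null -ne $value)
            OtherDialInProperties   = $populated -join ', '
        }
    }
}

# Constructed sample accounts so the function can be tried without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; msNPAllowDialin = $null }
    [pscustomobject]@{ SamAccountName = 'bob';   msNPAllowDialin = $true }
    [pscustomobject]@{ SamAccountName = 'carol'; msNPAllowDialin = $false; msRADIUSFramedIPAddress = 167772165 }
)
$sample | Get-DialInPermissionSummary | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties (@('msNPAllowDialin') + 'msRADIUSFramedIPAddress',
#     'msRADIUSCallbackNumber','msRADIUSFramedRoute','msNPCallingStationID') |
#     Get-DialInPermissionSummary | Where-Object ExplicitSettingIgnored
```

Accounts reported as Deny access deserve review first: once the policy ignores dial-in properties, they are authorized or rejected only by the conditions and settings of the network policy.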