Step 5: Adding Admin1 to the Group and Testing Again

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

In this step, you add your user account Admin1 to the security group Authorized to Access MBRSVR1, and then verify that it enables the client to access the Telnet service again.

To add Admin1 to the group

  1. On DC1, in the Users container, double-click the group Authorized to Access MBRSVR1, and then click the Members tab.

  2. Click Add.

  3. In the Select Users, Contacts, Computers, or Groups dialog box, in the text box, type Admin1 and then click OK.

  4. Click OK to close the group Properties page.

To test Telnet access from CLIENT1 to MBRSVR1

  1. Because Admin1’s group membership must be refreshed, you must log off and log on again. On CLIENT1, log off, and then log on as contoso\admin1.

  2. Open an Administrator: Command Prompt, and then run gpupdate /force. User policy was refreshed when you logged off and back on; this step refreshes computer policy.

  3. At the command prompt, run telnet mbrsvr1

    The command works because all requirements of the rules are now satisfied. Only computers that are members of the domain and users who authenticate as members of the specified group can access the Telnet service on MBRSVR1.

  4. Open the Windows Firewall with Advanced Security snap-in.

  5. Expand Monitoring, expand Security Associations, and then click Quick Mode.

  6. Double-click the SA to display its properties. There is now a protocol listed next to ESP encryption (Windows 7) or ESP confidentiality (Windows Vista). That is the encryption algorithm being used by this connection.

    The encryption settings that are used are determined by the IPsec defaults. You can find these by opening the Windows Firewall with Advanced Security Properties dialog box, and then selecting the IPsec Settings tab. Under IPsec defaults, click Customize; under Data protection (Quick Mode), select Advanced, and then click Customize. The algorithm combination (called a quick mode proposal) in the Data integrity and encryption column that is highest on the list and that matches a proposal on the remote server is the one used.

  7. Click OK to close the SA, and then close Windows Firewall with Advanced Security.

  8. In the Telnet window, type exit, and then press ENTER to end the Telnet session.
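
The same checks can be made from the command line. The following script is an added example, not part of the original guide: it confirms that the current logon token on CLIENT1 already carries the new group membership, refreshes policy, and lists the quick mode SAs. It assumes Windows PowerShell is available on CLIENT1, that it is run elevated as contoso\admin1, and that whoami prints its English column header "Group Name".

```powershell
# Added example: command-line check of the test procedure in this step.
# Assumptions: run elevated on CLIENT1 as contoso\admin1; English-language
# whoami output (the CSV column is named "Group Name").

$groupName = 'Authorized to Access MBRSVR1'   # group name used in this guide

# whoami reads the logon token of this session, so it shows whether the
# membership is actually in effect, not just what is stored in Active Directory.
$groups = whoami /groups /fo csv | ConvertFrom-Csv
$match  = $groups | Where-Object { $_.'Group Name' -like "*\$groupName" }

if (-not $match) {
    # The token was built before Admin1 was added to the group.
    Write-Warning "Token does not contain '$groupName'. Log off, log on again, and rerun."
    return
}
Write-Output "Token contains: $($match.'Group Name')"

# Refresh computer policy so CLIENT1 has the current IPsec rules.
gpupdate /force | Out-Null

# A quick mode SA exists only after traffic has been negotiated, so start
# "telnet mbrsvr1" in another window before reading this output.
netsh advfirewall monitor show qmsa
```

If the warning appears even though DC1 shows Admin1 on the Members tab, the session is still using the token issued at the earlier logon.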

Next topic: Creating Firewall Rules that Allow IPsec-protected Network Traffic (Authenticated Bypass)