Dial-In Properties of Accounts

  • Article

Applies To: Windows Server 2008, Windows Server 2008 R2

In Windows Server 2008, accounts in the Security Accounts Manager (SAM) database for a stand-alone server or in the user accounts database for an Active Directory Domain Services (AD DS)-based server contain a set of dial-in properties that are used when allowing or denying a connection attempt made by a user or computer. For a stand-alone server, the dial-in properties are available on the Dial-in tab of the user or computer object in the Local Users and Groups Microsoft Management Console (MMC) snap-in. For an AD DS-based server, the dial-in properties are available on the Dial-in tab of the user or computer account in the Active Directory Users and Computers snap-in.

The dial-in properties for an account are the following:

Network Access Permission

Use this property to set whether network access is explicitly allowed, denied, or determined by Network Policy Server (NPS) network policies. If access is explicitly allowed, network policy conditions or other account properties can override the setting.

Note

By default, the Administrator and Guest accounts are set to Control access through NPS Network Policy or Control access through Remote Access Policy on a stand-alone Routing and Remote Access service (RRAS) server or in a Windows 2000 or later domain. In addition, new accounts created on a stand-alone RRAS server or in a Windows 2000 or later domain are set to Control access through NPS Network Policy or Control access through Remote Access Policy.

Verify Caller ID

When Caller ID is enabled, the server verifies the caller's phone number..

Caller ID must be supported by the caller, the phone system between the caller and the remote access server, and the remote access server. On a computer running the Routing and Remote Access service, caller ID support consists of call answering equipment that provides caller ID information and the appropriate Windows driver to pass the information to the Routing and Remote Access service.

The connection attempt is denied if:

  • The caller's phone number does not match the configured phone number

  • The caller ID phone number is configured for a user, but you the passing of caller ID information from the caller to the Routing and Remote Access service is not supported.

Callback Options

If this property is enabled, the server calls the caller back during the connection establishment at a phone number set by the caller or a specific phone number set by the administrator.

Assign a Static IP Address

If this property is enabled, the administrator assigns a specific IP address to the user when the connection is made.

Apply Static Routes

If this property is enabled, the administrator defines a series of static IP routes that are added to the routing table of the remote access server when a connection is made. This setting is designed for accounts that Windows Server 2008, Windows Server 2003, or Windows 2000 routers use for demand-dial routing.

Note

You can configure NPS network policy to ignore the dial-in properties of user and computer accounts by selecting or clearing the Ignore user account dial-in properties check box on the Overview tab of a network policy. For more information, see Access Permission.