Network policies are used by Network Policy Server (NPS) and the Routing and Remote Access service to authorize connection requests.
Network policies contain overview properties that designate how the policy is to be used and interpreted. Access Permission allows you to configure whether user account dial-in properties in Active Directory® Domain Services (AD DS) are used to perform authorization. It also provides two possible network access values:
- Grant access. If selected, connection
requests whose properties match the conditions and constraints of
the network policy are granted.
- Deny access. If selected, connection
requests whose properties match the conditions of the network
policy are denied.
By default, network policies created with the New Network Policy wizard are configured to deny access. Therefore, Access Permission must be changed after running the wizard in order for the policy to grant access rather than deny access to the network.
Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.
|To configure a network policy to grant or deny access|
Open the NPS console, double-click Policies, and then double-click Network Policies.
In the details pane, double-click the network policy that you want to configure.
In the network policy Properties dialog box, on the Overview tab, change Access Permission to either Grant access or Deny access.