RAP Conditions Vs Profile allow access or restrict access
aquageek
Member Posts: 152
Ok, doing some practice tests and I came across a scenario.
Condtion: policy to allow access 9am to 5pm sunday through saturday.
Active Directory: User account is set to allow access
Policy: Deny Access (over ridden by AD user setting)
Profile: Restrict access to 00:00 to 24:00 monday through friday.
Why would the condition allow you to connect through the weekend when the profile is just going to restrict your access?
Condtion: policy to allow access 9am to 5pm sunday through saturday.
Active Directory: User account is set to allow access
Policy: Deny Access (over ridden by AD user setting)
Profile: Restrict access to 00:00 to 24:00 monday through friday.
Why would the condition allow you to connect through the weekend when the profile is just going to restrict your access?
You are the systems administrator for a large enterprise that has decided to place computers in the lobby for access to public company information. On Tuesday morning Rooslan storms into your office screaming, "what the hell is this? In the last question I was the systems administrator. Now I am only a "Backup Operator"? This **** is crazy!"
Comments
-
tmpruess
Member Posts: 4 ■■■□□□□□□□
The RRAS server applies the permissions in the order that you listed below:
Condition
Active Directory
(RAP Policy if AD is set to Control Access through Remote Access Policy)
Profile
In order to connect to the RRAS server a user has to meet only 1 of the policies in the condition field. Usually these policies are meant to be applied to EVERYONE dialing in. So the only time anyone in the organization can access the server is between 9am - 5pm sunday - saturday unless they meet another condition.
After the AD restrictions get applied the Profile settings are checked. These settings apply more restrictions to the user's access time so the user will only be able to connect monday - friday 9am - 5pm.
Finally, to answer your question maybe the company does not want this user to have access to the company resources during the weekend but still wants other users to have the access to dail in during the weekend. -
aquageek
Member Posts: 152
Ok, yeah, that makes sense. Thanks!You are the systems administrator for a large enterprise that has decided to place computers in the lobby for access to public company information. On Tuesday morning Rooslan storms into your office screaming, "what the hell is this? In the last question I was the systems administrator. Now I am only a "Backup Operator"? This **** is crazy!"