Remote Access policy question.

JayrodEFJayrodEF Member Posts: 111 ■□□□□□□□□□
I'm reviewing for the 291 exam and came across a question I didn't really get. It involves a question about dail-up remote acess polices and the way multiple policies are applied. Basically, it seems that policies must be applied in a certain order to obtain the desired result if certain restrictions apply to some groups but not to all. I don't recall reading anything about the order in which these policies must be applied. I then assumed policies would be applied from least to most restrictive, but that didn't seem to fit the answer the book gave for the order. I went back to the chapter and couldn't really find any good info on that either. So, does anyone have a quick guide to the reasoning behind the order of application for remote acess policies?

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    I remember this question. It's something about if they're domain admin and some are enterprise admin, etc... I don't remember the exact question though.

    Remote Access Policies apply from top down. Once there is a match, that's it. So if you have the following Remote Access Policies:
    Policy 1
    Policy 2
    Policy 3

    User A matches policy 1. User A applies only Policy 1.
    User B does not match Policy 1 but does match Policy 2. That user will apply Policy 2 and Policy 3 won't get checked.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    royal wrote:
    I remember this question. It's something about if they're domain admin and some are enterprise admin, etc... I don't remember the exact question though.

    Remote Access Policies apply from top down. Once there is a match, that's it. So if you have the following Remote Access Policies:
    Policy 1
    Policy 2
    Policy 3

    User A matches policy 1. User A applies only Policy 1.
    User B does not match Policy 1 but does match Policy 2. That user will apply Policy 2 and Policy 3 won't get checked.

    Correct.

    That should not to be confused with policy conditions. You can use "AND" inside your policies to make sure multiple conditions match. Such as:

    Windows-Group matches "domain\RAS Users" AND
    Client-IP-Address matches "192.168.10.*"
    All things are possible, only believe.
  • JayrodEFJayrodEF Member Posts: 111 ■□□□□□□□□□
    Ah hah. That makes sense. And now that you mention it I do recall reading about that but I wasn't able to find it again obviously. Thanks for the link and all the help!
Sign In or Register to comment.