Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You cannot add some local built-in groups when you configure VPN client access in Internet Security and Acceleration Server 2004


View products that this article applies to.

Symptoms

When you configure virtual private network (VPN) client access in Microsoft Internet Security and Acceleration (ISA) Server 2004 to specify which local groups have remote access, you can add only the following groups:
  • HelpServicesGroup
  • IIS_WPG
  • TelnetClients
You cannot add other local built-in groups, such as Administrators, Backup Operators, or Power Users.

↑ Back to the top


Cause

This issue occurs because the other local groups are generic. The VPN server cannot distinguish between local administrators and domain administrators.

↑ Back to the top


Workaround

To give remote access to a local administrator, modify the Administrator dial-in properties. To do this, follow these steps:
  1. On the ISA Server computer, click Start, point to Administrative Tools, and then click Computer Management.
  2. In Computer Management, click System Tools, click Local Users and Groups, and then click Users.
  3. In the Details pane, right-click Administrators, and then click Properties.
  4. On the Dial-in tab, click Allow access under Remote Access Permission (Dial-in or VPN).

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


Keywords: KB891240, kbprb, kbtshoot

↑ Back to the top

Article Info
Article ID : 891240
Revision : 1
Created on : 1/25/2005
Published on : 1/25/2005
Exists online : False
Views : 273