How to configure Active Directory accounts and groups for wireless access in Windows 2000 (318750)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
This article was previously published under Q318750

IN THIS TASK

SUMMARY

This step-by-step article describes how to configure both user accounts and computer accounts to support wireless access in a Windows 2000 domain.

To configure Active Directory to support wireless access, you must perform the following tasks:
  • Create an account for each user.
  • Create an account for each wireless computer.
  • Grant Remote access permissions to each computer account.
  • Grant Remote access permissions to each user account.
  • Organize user and group accounts into universal and global groups to apply group-based remote access policy settings.
back to the top

How to configure a user account

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Click the container that contains the user account that you want to configure.
  3. Right-click the user account in the right pane, and then click Properties.
  4. Click the Dial-in tab, and then perform one of the following tasks:
    • Click Allow access if you want to manage remote access by using individual user accounts.
    • Click Control access through Remote Access Policy if you want to control remote access by using groups.

      Note The domain must be running in native mode to support this option.
  5. Click OK.
  6. Quit the Active Directory Users and Computers snap-in.
back to the top

How to configure a computer account

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Click the container that contains the computer account that you want to configure.
  3. Right-click the computer in the right pane, and then click Properties.
  4. Click the Dial-in tab, and then click Allow access.

    Note If the Dial-in tab is not displayed, install the update that is described in the following Microsoft Knowledge Base article:

    306260 Cannot modify dial-in permissions for computers that use wireless networking

  5. Click OK.
  6. Quit the Active Directory Users and Computers snap-in.
back to the top

How to organize wireless clients into groups

Use universal and nested global groups to organize the computer accounts and user accounts of clients who access the domain by using wireless technology. Apply remote access policies to these groups. For example, you may want to create a universal group that contains global groups of wireless user accounts and computer accounts for access to the internal network. If so, create a second universal group that contains global groups of wireless user accounts and computer accounts for Internet access.

For additional information about groups:
  1. Click Start, and then click Help.
  2. Click the Search tab, type the following text, and then click List Topics:

    groups

  3. In the Select topic list, click Groups, and then click Display.
back to the top

REFERENCES

For more information about enterprise deployment of IEEE 802.11 by using Microsoft Windows XP and Windows 2000 Internet Authentication Service (IAS), visit the following Microsoft Web site:

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/usermigr.mspx

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

318710 How to support wireless connections in a Windows 2000 domain

back to the top
Modification Type:MajorLast Reviewed:4/21/2006
Keywords:kbhowto kbHOWTOmaster KB318750 kbAudITPro
©2004 Microsoft Corporation. All rights reserved.