Active Directory doesn’t let you edit the Dial-up or VPN access policies for multiple users at once through the GUI. You have to edit this setting one at a time for each user. This can be painstaking if you have a lot of users. Luckily, there is a VB script available for this, as for almost everything else in AD.

Dim aConnection, aCommand, aResult, strLDAPPath, strDN, objUser
Const ADS_PROPERTY_CLEAR = 1
' The value entered here becomes the search base, so give the OU's
' distinguished name (for example OU=Staff,DC=example,DC=com)
strLDAPPath = InputBox("Please enter the LDAP path of the OU:")
WScript.Echo strLDAPPath
' Query Active Directory through the ADSI OLE DB provider
Set aConnection = CreateObject("ADODB.Connection")
Set aCommand = CreateObject("ADODB.Command")
aConnection.Provider = "ADsDSOObject"
aConnection.Open
aCommand.ActiveConnection = aConnection
' Enable paging so that more than the default 1000 results are returned
aCommand.Properties("Page Size") = 1000
' Query format: <search base>;filter;attributes;scope
aCommand.CommandText = "<LDAP://" & strLDAPPath & ">;(&(objectCategory=Person)(objectClass=User));distinguishedName;subTree"
Set aResult = aCommand.Execute()
Do While Not aResult.EOF
strDN = aResult.Fields("distinguishedName").Value
WScript.Echo strDN
Set objUser = GetObject("LDAP://" & strDN)
' Comment the following line to manage connection through Remote Access Policy
objUser.Put "msNPAllowDialin", FALSE
' Uncomment the following line to manage connection through Remote Access Policy
' objUser.PutEx ADS_PROPERTY_CLEAR, "msNPAllowDialin", 0
' Write the change back to the directory
objUser.SetInfo
aResult.MoveNext
Loop
aConnection.Close


This script will update the access settings for a group of users in a particular OU. Once you run the script, a dialog box will ask you for this OU. Once this is set, all users in that OU will be updated.

The AD property this script modifies is ‘msNPAllowDialin’. This property accepts Boolean values. So the three options are

  • TRUE (to allow access)
  • FALSE (to deny access)
  • To manage access via the Remote Access Policy, comment out the

    objUser.Put "msNPAllowDialin", FALSE

    and uncomment the

    ' objUser.PutEx ADS_PROPERTY_CLEAR, "msNPAllowDialin", 0

    line.
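
As an added example (not part of the original script), the same three-way setting in PowerShell, with a report and CSV snapshot of each user's current value taken before anything is written. It assumes the RSAT ActiveDirectory module is installed; the OU path and CSV file name are placeholders, and nothing is changed unless -Apply is given.

```powershell
# Added example: snapshot msNPAllowDialin for every user in an OU, then
# (optionally) set all of them to one state. Assumes the ActiveDirectory module.
param(
    [string]$SearchBase = 'OU=Staff,DC=example,DC=com',    # placeholder OU
    [string]$BackupCsv  = '.\msNPAllowDialin-before.csv',  # placeholder path
    [ValidateSet('Allow', 'Deny', 'Policy')]
    [string]$Target = 'Deny',
    [switch]$Apply   # without this switch every write runs as -WhatIf
)
Import-Module ActiveDirectory

$users = Get-ADUser -SearchBase $SearchBase -SearchScope Subtree -Filter * `
                    -Properties msNPAllowDialin

# The attribute is tri-state: TRUE, FALSE, or not set (Remote Access Policy decides)
$report = foreach ($u in $users) {
    $state = if ($null -eq $u.msNPAllowDialin) { 'Policy' } elseif ($u.msNPAllowDialin) { 'Allow' } else { 'Deny' }
    [pscustomobject]@{
        DistinguishedName = $u.DistinguishedName
        SamAccountName    = $u.SamAccountName
        Before            = $state
    }
}

# Keep a record of the previous values so the bulk change can be reviewed or undone
$report | Export-Csv -Path $BackupCsv -NoTypeInformation
$report | Group-Object Before | Select-Object Name, Count

# Touch only the accounts whose current state differs from the target
foreach ($row in $report | Where-Object Before -ne $Target) {
    $p = @{ Identity = $row.DistinguishedName; WhatIf = (-not $Apply) }
    switch ($Target) {
        'Allow'  { Set-ADUser @p -Replace @{ msNPAllowDialin = $true } }
        'Deny'   { Set-ADUser @p -Replace @{ msNPAllowDialin = $false } }
        'Policy' { Set-ADUser @p -Clear msNPAllowDialin }
    }
}
```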

     

    If you want to allow non-admin users in Windows to change the IP address settings on their PCs, you can add them to the built-in “Network Configuration Operators” group. This can be done from the command line as

    net localgroup "Network Configuration Operators" /add <username>

     

    Windows Administrators can change the power configuration policy from the command line using the powercfg.exe utility present on all Windows XP/2003 systems.

    To list the current policies
    POWERCFG /list

    To change the active policy
    POWERCFG /SETACTIVE "policy_name" (replace policy_name with a real policy name)

    The following example sets the “Home/Office Desk” profile to the given values.
    POWERCFG /CHANGE "Home/Office Desk" /monitor-timeout-ac 15
    POWERCFG /CHANGE "Home/Office Desk" /monitor-timeout-dc 10
    POWERCFG /CHANGE "Home/Office Desk" /disk-timeout-ac 20
    POWERCFG /CHANGE "Home/Office Desk" /disk-timeout-dc 15
    POWERCFG /CHANGE "Home/Office Desk" /standby-timeout-ac 25
    POWERCFG /CHANGE "Home/Office Desk" /standby-timeout-dc 20
    POWERCFG /CHANGE "Home/Office Desk" /hibernate-timeout-ac 0
    POWERCFG /CHANGE "Home/Office Desk" /hibernate-timeout-dc 0
    POWERCFG /CHANGE "Home/Office Desk" /processor-throttle-ac ADAPTIVE
    POWERCFG /CHANGE "Home/Office Desk" /processor-throttle-dc ADAPTIVE

    You can also change profiles being used.
    POWERCFG /SETACTIVE "Always On"

    To create a new profile
    POWERCFG /CREATE "New Policy"
    POWERCFG /CHANGE "New Policy" /monitor-timeout-ac 15
    POWERCFG /CHANGE "New Policy" /monitor-timeout-dc 10
    ...
    ...
    POWERCFG /CHANGE "New Policy" /processor-throttle-ac ADAPTIVE
    POWERCFG /CHANGE "New Policy" /processor-throttle-dc ADAPTIVE
    POWERCFG /SETACTIVE "New Policy"
