Active Directory doesn’t let you edit the Dial-up or VPN access policies for multiple users at once through the GUI. You have to edit this setting one user at a time, which can be painstaking if you have a lot of users. Luckily, as with almost everything else in AD, there is a VBScript for this.

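' Bulk-set the dial-in/VPN permission (msNPAllowDialin) for every user under an OU
Dim aConnection, aCommand, aResult, strLDAPPath, strDN, objUser
Const ADS_PROPERTY_CLEAR = 1
strLDAPPath = InputBox("Please enter the LDAP path of the OU:")
' Stop if the dialog was cancelled or left empty
If strLDAPPath = "" Then WScript.Quit
' Accept either a bare DN or a full LDAP:// path
If UCase(Left(strLDAPPath, 7)) <> "LDAP://" Then strLDAPPath = "LDAP://" & strLDAPPath
WScript.Echo strLDAPPath
Set aConnection = CreateObject("ADODB.Connection")
Set aCommand = CreateObject("ADODB.Command")
aConnection.Provider = "ADsDSOObject"
aConnection.Open
aCommand.ActiveConnection = aConnection
' Page the results so OUs with more than 1000 users are fully processed
aCommand.Properties("Page Size") = 1000
' Search base is the OU entered above; subTree scope also covers child OUs
aCommand.CommandText = "<" & strLDAPPath & ">;(&(objectCategory=Person)(objectClass=User));distinguishedName;subTree"
Set aResult = aCommand.Execute()
Do While Not aResult.EOF
    strDN = aResult.Fields("distinguishedName")
    WScript.Echo strDN
    Set objUser = GetObject("LDAP://" & strDN)
    ' Comment the following line to manage connection through Remote Access Policy
    objUser.Put "msNPAllowDialin", FALSE
    ' Uncomment the following line to manage connection through Remote Access Policy
    ' objUser.PutEx ADS_PROPERTY_CLEAR, "msNPAllowDialin", 0
    ' Write the change back to the directory
    objUser.SetInfo
    aResult.MoveNext
Loop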


This script will update the access settings for a group of users in a particular OU. Once you run the script, a dialog box will ask you for this OU. Once this is set, all users in that OU will be updated; because the search scope is subTree, that includes users in its child OUs.

The AD property this script modifies is ‘msNPAllowDialin’. This property accepts Boolean values, so the three options are:

  • TRUE (to allow access)
  • FALSE (to deny access)
  • To manage access via the Remote Access Policy, comment out the

    objUser.Put "msNPAllowDialin", FALSE

    and uncomment the

    ' objUser.PutEx ADS_PROPERTY_CLEAR, "msNPAllowDialin", 0

    line.
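
A PowerShell version of the same bulk change, added here as an example (it is not part of the original post): it uses Get-ADUser and Set-ADUser from the ActiveDirectory module, supports -WhatIf for a dry run, and returns each user's previous setting so the change can be reviewed or reversed. The function name Set-OuDialin, the example OU and the CSV file name are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example: set msNPAllowDialin for all users under an OU and report what changed.
function Set-OuDialin {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Distinguished name of the OU, e.g. 'OU=Sales,DC=example,DC=com' (constructed value)
        [Parameter(Mandatory)][string]$SearchBase,
        # Allow = TRUE, Deny = FALSE, Policy = clear the attribute (Remote Access Policy decides)
        [Parameter(Mandatory)][ValidateSet('Allow', 'Deny', 'Policy')][string]$Mode
    )

    # Same LDAP filter and subtree scope as the VBScript, so child OUs are included
    $users = Get-ADUser -LDAPFilter '(&(objectCategory=Person)(objectClass=User))' `
        -SearchBase $SearchBase -SearchScope Subtree -Properties msNPAllowDialin

    foreach ($u in $users) {
        $old = $u.msNPAllowDialin   # $null when the attribute is not set
        $previous = if ($null -eq $old) { 'Policy' } elseif ($old) { 'Allow' } else { 'Deny' }
        $changed = $false

        # Skip users already in the requested state; honour -WhatIf and -Confirm
        if ($previous -ne $Mode -and
            $PSCmdlet.ShouldProcess($u.DistinguishedName, "Set msNPAllowDialin to $Mode")) {
            if ($Mode -eq 'Policy') {
                Set-ADUser -Identity $u -Clear msNPAllowDialin
            } else {
                Set-ADUser -Identity $u -Replace @{ msNPAllowDialin = ($Mode -eq 'Allow') }
            }
            $changed = $true
        }

        # One record per user: keep this output to audit or roll back the change
        [pscustomobject]@{
            DistinguishedName = $u.DistinguishedName
            Previous          = $previous
            Requested         = $Mode
            Changed           = $changed
        }
    }
}

# Dry run first, then apply and save the previous values:
# Set-OuDialin -SearchBase 'OU=Sales,DC=example,DC=com' -Mode Deny -WhatIf
# Set-OuDialin -SearchBase 'OU=Sales,DC=example,DC=com' -Mode Deny |
#     Export-Csv .\dialin-before.csv -NoTypeInformation
```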

     

    If you want to allow non-admin users in Windows to change the IP address settings on their PCs, you can add them to the built-in “Network Configuration Operators” group. This can be done from the command line as

    net localgroup "Network Configuration Operators" /add <username>

     

    This Microsoft KB article lists 3 ways to grant non-admin users the rights to manage services on a Windows machine.

    Method 1: Grant rights using Group Policy
    Method 2: Grant rights using Security templates
    Method 3: Grant rights using Subinacl.exe

    The easiest and fastest method? Method 3 using subinacl.
    SUBINACL /SERVICE \\MachineName\ServiceName /GRANT=[DomainName\]UserName[=Access]

    [Source: How to grant users rights to manage services in Windows 2000]

     

    ExchMbx is a command-line utility that lets you create user mailboxes, mail enable an AD object, move mailboxes and delete mailboxes among other tasks that can be done using the GUI.

    Ex1:
    ExchMbx -b cn=joe,dc=joe,dc=net -cr srv1:sg1:db2
    Create mailbox for joe in Server srv1, storage group sg1, database db2.

    Ex2:
    ExchMbx -b cn=joe,dc=joe,dc=net -move srv1:sg1:db2
    Ditto ex1 but move.

    Ex3:
    ExchMbx -b cn=joe,cn=users,dc=joe,dc=net -clear
    Clear Exchange attrs for joe, will delete mailbox or
    clean email addresses of mailenabled objects.

    Ex4:
    ExchMbx -b cn=gr1,cn=users,dc=joe,dc=net -me
    Mail Enable group gr1

    Ex5:
    ExchMbx -b cn=con1,cn=users,dc=joe,dc=net -me joe@joeware.net
    Mail Enable contact con1 with email address joe@joeware.net

    ExchMbx can be obtained from joeware.net along with many other useful tools.

    [examples sourced from the ExchMbx Usage page]

     

    Netsh.exe can be very useful in viewing and editing TCP/IP settings from the command line.

    To view your TCP/IP settings in a Command Prompt, type
    netsh interface ip show config

    To configure an IP address and other TCP/IP related settings:
    netsh interface ip set address name="Local Area Connection" static 192.168.1.101 255.255.255.0 192.168.1.1 1

    To obtain an IP address from a DHCP server:
    netsh interface ip set address "Local Area Connection" dhcp

    To configure DNS and WINS addresses:
    netsh interface ip set dns "Local Area Connection" static 192.168.0.200

    and this for WINS:
    netsh interface ip set wins "Local Area Connection" static 192.168.0.200

    Or, to dynamically obtain DNS settings:
    netsh interface ip set dns "Local Area Connection" dhcp

    As a bonus tip, you can export your IP settings to a text file using the following command:
    netsh -c interface dump > c:\IPSettings.txt

    To import the settings, type
    netsh -f c:\IPSettings.txt
    OR
    netsh exec c:\location2.txt

    You can use this to quickly switch between different settings.

    © 2012 !NSFW