I needed an easy way to “Allow access” under “Network Access Permission” in the “Dial-in” tab of the “Active Directory Users and Computers” console for several users in a Windows 2003/2008 ADS environment.

At first, I approached this task from a scripting angle. I developed a VBscript that would worked in my test environments, but not in production. I am still not sure why, but I have not had to time to look into it further. I suspect it has to do with some policy restrictions or permissions. I know the script was working, because I could see that the “msNAPllowDialin” ADS attribute was being modified. However, when I opened up “Active Directory Users and Computers,” the change was not reflected. Also, I was still not able to use our VPN that requires the attribute be enabled.

Being short on time, I looked for a powershell command, or some other command line solution. It was then that I rediscovered the netsh command. I had used this command in the past, but did not document anything about it. I want to get something posted on it, because it is a tremendously powerful command and one that every seasoned Windows administrator should know about. In my case, this command helped solve my issue quickly. I used the following command syntax to choose “Allow access” on the “Network Access Permission” radio button:

netsh RAS set user name=username dialin=PERMIT

The netsh command has many options. Among them, I found that looked pretty interesting (netsh dump). It creates a script of your current settings. There is another option, netsh exec, that you can use to execute a netsh script like the the “netsh dump” creates. These could be incredible useful. There are several other options. You can find help and syntax for all the options by entering a “?” when you need more information. For example, “netsh ?” or “netsh set ?”, etc. You can add to question mark to any level to find more information. Very useful command. I wish I had written down what I used it for before.