My notes, things I have learned, and documentation I have created.

I needed an easy way to “Allow access” under “Network Access Permission” in the “Dial-in” tab of the “Active Directory Users and Computers” console for several users in a Windows 2003/2008 ADS environment.

At first, I approached this task from a scripting angle. I developed a VBscript that would worked in my test environments, but not in production. I am still not sure why, but I have not had to time to look into it further. I suspect it has to do with some policy restrictions or permissions. I know the script was working, because I could see that the “msNAPllowDialin” ADS attribute was being modified. However, when I opened up “Active Directory Users and Computers,” the change was not reflected. Also, I was still not able to use our VPN that requires the attribute be enabled.

Being short on time, I looked for a powershell command, or some other command line solution. It was then that I rediscovered the netsh command. I had used this command in the past, but did not document anything about it. I want to get something posted on it, because it is a tremendously powerful command and one that every seasoned Windows administrator should know about. In my case, this command helped solve my issue quickly. I used the following command syntax to choose “Allow access” on the “Network Access Permission” radio button:

netsh RAS set user name=username dialin=PERMIT

The netsh command has many options. Among them, I found that looked pretty interesting (netsh dump). It creates a script of your current settings. There is another option, netsh exec, that you can use to execute a netsh script like the the “netsh dump” creates. These could be incredible useful. There are several other options. You can find help and syntax for all the options by entering a “?” when you need more information. For example, “netsh ?” or “netsh set ?”, etc. You can add to question mark to any level to find more information. Very useful command. I wish I had written down what I used it for before.

Here is an example of a VB script I used to set the domain suffix search list on a Windows machine. I just saved the following in a file with a vbs extension and executed the script.

SET WSHShell = CreateObject(“WScript.Shell”)

WSHShell.RegWrite “HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\SearchList”, “mydomain1.com,mydomain2.com”, “REG_SZ”

I made this modification on an HP DL-360 with dual 1.3 GHz processors, 2GB of memory, and RAID 1 drive (two drives mirrored). It made a huge improvement accessing a directory with a lot of files. According to Microsoft (, ), the setting is increased in Windows 2003. I set in my NT 4.0 server to 16,644.

The SizReqBuf value is stored in the registry under the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Value Name: SizReqBuf
Data Type : REG_DWORD
Data : 512 – 65535 (bytes in decimal, or 200 – FFFF hexadecimal)
Default : 4356 Specifies the size of request buffers that the server uses.

Source: http://support.microsoft.com/kb/320829