change dial-in properties of a local account using powershell

Question

How can I modify the dial-in properties of a local user account using PowerShell—for example, to set the network access permission option?

Answer 1

If you're trying to change the dial-in properties (like network access permission) for a user using PowerShell, it depends on whether the account is a domain user (in Active Directory) or just a local user on the machine.

• If it's a domain user (part of Active Directory):

You can use PowerShell to change their dial-in (remote access) settings with the Set-ADUser command. Here's how to :

Allow remote access:

Set-ADUser -Identity "username" -RemoteAccessPolicy "AllowAccess"

Deny remote access:

Set-ADUser -Identity "username" -RemoteAccessPolicy "DenyAccess"

Let NPS policies control access (the default option):

Set-ADUser -Identity "username" -RemoteAccessPolicy "ControlAccessThroughPolicy"

• You’ll need to have the RSAT tools installed and be running this on a machine that can connect to your domain controller.

Link for reference :

• https://learn.microsoft.com/en-us/powershell/module/activedirectory/set-aduser?view=windowsserver2025-ps
• https://learn.microsoft.com/en-us/windows/win32/adschema/a-msnpallowdialin

---

• If it's a local user (just on that machine, not in Active Directory):

Local user accounts don’t support dial-in properties like AD accounts do. Those settings are only available in Active Directory. If you’re using RRAS (Routing and Remote Access) or NPS (Network Policy Server), access control is done through policies, not individual local account settings. So you can:

Enable or disable the account:

net user "localusername" /active:no

Use NPS policies to allow or block access based on username or group.

Link for reference :

• https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/?view=powershell-5.1
• https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/set-localuser?view=powershell-5.1