If you are considering providing remote access capability for your users, controlling who can connect and when they can connect is an important consideration. As a Windows 2000 Server administrator, you can control access by using a combination of remote access and account policies.
If you are using Routing And Remote Access Service (RRAS) to provide dial-in authentication, you must configure one or more remote access policies through the Routing And Remote Access console. With the console open, click the Remote Access Policies branch in the left pane. Defined remote access policies appear in the right pane.
By default, RRAS includes a single policy that uses the Day-and-Time-Restrictions attribute to control access. The default policy globally denies access during all hours and covers all users, but you can modify the policy to enable access rather than deny it. However, this is just one of two tasks needed to enable remote access for a user. You must also modify the user's account properties.
To modify these properties, open the Active Directory Users And Computers console and open the user's account. Then, click the Dial-In tab. By default, the user account is configured to allow dial-in access. On the Dial-In tab you can deny access, specify call-back options, assign a static address to the user, and define and apply static routes. After you have set your preferences, click OK to apply the changes.
In addition to assigning remote access policies through RRAS, you can also configure policies in Internet Authentication Service (IAS). For example, you might be using IAS to handle authentication for a dial-up concentrator. If so, you need to configure remote access policies in the IAS console. Open the console, click the Remote Access Policies branch in the left pane, and view and modify policies in the right pane. The options and methods are the same in IAS as in RRAS.
Miss a column?
Check out the Windows 2000 Professional archive, and catch up on the most recent editions of Jim Boyce's column.
Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!