Networking

Tech Tip: Customize or disable Help/Grant dial-in access

Windows 2000 Professional: Customize or disable Help

Windows' built-in Help content can lead users through specific problems, but sometimes it can also lead to additional confusion or provide information you would prefer users not have. In some cases, you might even want to replace the Windows Help content with content you've developed. With custom content, users can continue to use a system with which they're familiar but see targeted Help information that's specific to your organization's network or applications.

When a user clicks Help, Windows 2000 opens the %systemroot%\Help\Windows.chm file. To make Windows open custom Help content instead, rename the Windows.chm file to a backup (such as Windows.old.chm), place your custom Help file in the %systemroot%\Help, and name it Windows.chm. When the user clicks Help, your custom Help file will be displayed.

Manipulating Windows.chm in other ways can effectively prevent access to the default Windows Help content if that's your goal. For example, simply rename Windows.chm to prevent users from opening it from the Start menu. Users will then receive an error message when they click Start | Help.

Or, replace Windows.chm with your own compiled Help file that contains a message that the default Help content has been removed and redirect the user either to a Web-based system or other content that you've made available locally or on the network.

Windows 2000 Server: Grant dial-in access

Windows 2000 Server's Routing and Remote Access Service (RRAS) supports dial-in access to a server and, optionally, to the server's network. Configuring an RRAS server for dial-up access is relatively easy because the RRAS console provides a wizard to step you through the process. However, giving users the ability to dial in isn't quite as easy because you must combine remote access policies with user account properties to control dial-in access.

First, open the RRAS console, and open the Remote Access Policies branch. The default policy, Allow Access If Dial-In Permission Is Enabled, actually denies access unless the user's account properties explicitly allow access. You could enable access for all users by editing this policy and setting it to grant remote access rather than deny it, but it's better to configure properties to explicitly allow dial-in access for individual users.

Open the Active Directory Users And Computers console, and open the user's account Properties. On the Dial-In tab, select Allow Access. You can also specify callback options for the user, assign the user a static IP address for the dial-up session, and configure static routes for the user's session.

Use a combination of remote access policies and user dial-in properties to control remote access. For example, either modify the default remote access policy or create a new one to limit dial-in hours, restrict services and protocols, and control remote access in other ways.

As you create additional remote access policies, understand that the policies are applied in the order listed in the RRAS console. As with other types of rules, the order in which the policies apply is significant.

Editor's Picks