If you are considering providing remote access capability for your users, controlling who can connect and when they can connect is an important consideration. As a Windows 2000 Server administrator, you can control access by using a combination of remote access and account policies.

If you are using Routing And Remote Access Service (RRAS) to provide dial-in authentication,
you must configure one or more remote access policies through the Routing And
Remote Access console. With the console open, click the Remote Access Policies
branch in the left pane. Defined remote access policies appear in the right

By default, RRAS includes a
single policy that uses the Day-and-Time-Restrictions attribute to control
access. The default policy globally denies access during all hours and covers
all users, but you can modify the policy to enable access rather than deny it.
However, this is just one of two tasks needed to enable remote access for a
user. You must also modify the user’s account properties.

To modify these properties, open
the Active Directory Users And Computers console and
open the user’s account. Then, click the Dial-In tab. By default, the user
account is configured to allow dial-in access. On the Dial-In tab you can deny
access, specify call-back options, assign a static address to the user, and
define and apply static routes. After you have set your preferences, click OK to apply the changes.

In addition to assigning remote
access policies through RRAS, you can also configure policies in Internet
Authentication Service (IAS). For example, you might be using IAS to handle
authentication for a dial-up concentrator. If so, you need to configure remote
access policies in the IAS console. Open the console, click the Remote Access
Policies branch in the left pane, and view and modify policies in the right
pane. The options and methods are the same in IAS as in RRAS.

Miss a column?

Check out the Windows 2000 Professional archive, and catch up on the most recent editions of Jim Boyce’s column.

Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!