While remote access is vital for mobile and
remote users, it poses some potential security risks. Organizations
must be able to recognize these potential risks and take steps to
For example, if your company’s remote users
only need access to the remote access server, consider disabling
routing to the LAN to help prevent unauthorized remote users from
accessing the LAN. Follow these steps:
- If you’re using the Incoming Connections
option in the Network And Dial-Up Connections folder to provide
dial-in access to the server, open the folder, right-click Incoming
Connections, and choose Properties.
- In the Incoming Connection Properties dialog
box, select the Networking tab.
- Double-click Internet Protocol (TCP/IP),
deselect the Allow Callers To Access My Local Area Network option,
and click OK.
- Check for any other enabled protocols
displayed in the Network Components list, and disable the same
option for those protocols. When you’re finished, click OK.
If you’ve configured your remote access server
through Routing And Remote Access (RRAS), you must take a different
approach to prevent routing for incoming connections. Follow these
- Open the
RRAS console in the Administrative Tools folder, right-click the
server, and choose Properties.
- On the General tab, deselect the Router
- Leave the Remote Access Server option
- Click OK, and allow Windows 2000 to restart
RRAS for the change to take effect.
Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!