While remote access is vital for mobile and
remote users, it poses some potential security risks. Organizations
must be able to recognize these potential risks and take steps to
mitigate them.

For example, if your company’s remote users
only need access to the remote access server, consider disabling
routing to the LAN to help prevent unauthorized remote users from
accessing the LAN. Follow these steps:

  1. If you’re using the Incoming Connections
    option in the Network And Dial-Up Connections folder to provide
    dial-in access to the server, open the folder, right-click Incoming
    Connections, and choose Properties.
  2. In the Incoming Connection Properties dialog
    box, select the Networking tab.
  3. Double-click Internet Protocol (TCP/IP),
    deselect the Allow Callers To Access My Local Area Network option,
    and click OK.
  4. Check for any other enabled protocols
    displayed in the Network Components list, and disable the same
    option for those protocols. When you’re finished, click OK.

If you’ve configured your remote access server
through Routing And Remote Access (RRAS), you must take a different
approach to prevent routing for incoming connections. Follow these

  1. Open the
    RRAS console in the Administrative Tools folder, right-click the
    server, and choose Properties.
  2. On the General tab, deselect the Router
  3. Leave the Remote Access Server option
  4. Click OK, and allow Windows 2000 to restart
    RRAS for the change to take effect.

Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!