Microsoft KB Archive/878457

= How to permit only authorized users to connect to your PPTP server in Microsoft Windows XP Service Pack 2 =

Article ID: 878457

Article Last Modified on 7/8/2005

-

APPLIES TO


 * Microsoft Windows XP Service Pack 2

-



Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



INTRODUCTION
When an unauthorized user makes multiple connections to your server through the PPTP control channel, your Microsoft Windows XP Service Pack 2 (SP2)-based Point-to-Point Tunneling Protocol (PPTP) server may stop responding to service requests.

To prevent unauthorized users from connecting to your PPTP server, you can configure three registry keys in Microsoft Windows XP SP2. By doing this, you can permit connections only from known Internet Protocol (IP) addresses.



MORE INFORMATION
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To permit connections to your PPTP server only from known source addresses, follow these steps:

 1. Open Registry Editor.
 2. Expand the following subkey:
 3. Right-click the {4D36E972-E325-11CE-BFC1-08002bE10318} entry, and then click Find.
 4. Type wan miniport in the Find what box, click to select the Keys check box, click to select the Values check box, click to select the Data check box, and then click OK.
 5. When a 000x subkey is found, where x is a numeric value, verify that the following information appears in the right pane:

    Name: DriverDesc

    Value: WAN Miniport (PPTP)

    Note The WAN Miniport (PPTP) value indicates that this 000x subkey is where the PPTP protocol entries are registered. If you have to, press F3 to repeat the find operation. Do this until you find the correct subkey.
 6. After you find the correct 000x subkey in the registry tree, right-click AuthenticateIncomingCalls in the right pane, and then click Modify.

    Note The default value for this entry is 0. This value permits connections from any client. If this value is set to 1, and no IP addresses are entered in the ClientIPAddresses entry, no clients are permitted to connect through PPTP.
 7. Type 1 in the Value data box, and then click OK.
 8. Right-click ClientIpAddresses, and then click Modify.
 9. Type a valid IP address
 10. Right-click ClientIpMasks, and then click Modify.
 11. Type a valid subnet mask that has the following format in the Value data box, and then click OK:

    . ..
 12. Restart the computer.

The PPTP server will now accept connections only from a client that has an IP address that is included in the ClientIPAddresses registry entry. The ClientIPAddresses registry entry is relevant only if the value for the AuthenticateIncomingCalls entry is set to 1.
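The find-and-verify steps above can be confirmed after the restart with a read-only audit script. This is an added example, not Microsoft's code: it assumes Windows PowerShell is installed, the `-ParentKey` parameter is hypothetical and must be set to the subkey that step 2 expands (its path is not shown in this article), and the one-mask-per-address check is an assumption.

```powershell
# Added example: read-only audit of the PPTP allow-list entries named in this article.
# It changes nothing in the registry.
param(
    # Hypothetical parameter: PowerShell registry path of the subkey that contains the
    # class GUID entry from step 3, in the form 'HKLM:\<subkey expanded in step 2>'.
    [string]$ParentKey = $(throw 'Supply -ParentKey: the subkey that contains the class GUID entry.')
)

$classGuid = '{4D36E972-E325-11CE-BFC1-08002bE10318}'
$classKey  = "$ParentKey\$classGuid"

# Walk the numbered 000x subkeys and keep those whose DriverDesc is the PPTP miniport.
$pptpKeys = Get-ChildItem -Path $classKey -ErrorAction SilentlyContinue |
    Where-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        $p -and $p.DriverDesc -eq 'WAN Miniport (PPTP)'
    }

if (-not $pptpKeys) {
    Write-Warning "No subkey with DriverDesc 'WAN Miniport (PPTP)' found under $classKey"
    return
}

foreach ($key in $pptpKeys) {
    $p    = Get-ItemProperty -Path $key.PSPath
    $auth = $p.AuthenticateIncomingCalls
    # The entries may hold one or several strings; normalise to arrays and drop blanks.
    $addrs = @($p.ClientIpAddresses | Where-Object { $_ })
    $masks = @($p.ClientIpMasks     | Where-Object { $_ })

    if ($auth -ne 1) {
        # Default (0): the address list is ignored and any client may connect.
        $state = 'OPEN: AuthenticateIncomingCalls is not 1, any client may connect'
    } elseif ($addrs.Count -eq 0) {
        # Filtering on with an empty list: the article states no client can connect.
        $state = 'LOCKED OUT: ClientIpAddresses is empty, no client may connect'
    } elseif ($addrs.Count -ne $masks.Count) {
        # Assumption: each address is expected to have a matching mask.
        $state = 'CHECK: ClientIpAddresses and ClientIpMasks differ in length'
    } else {
        $state = 'RESTRICTED: only the listed addresses may connect'
    }

    "{0}: {1}" -f $key.PSChildName, $state
    "  ClientIpAddresses: {0}" -f ($addrs -join ', ')
    "  ClientIpMasks:     {0}" -f ($masks -join ', ')
}
```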


© Microsoft Corporation. All rights reserved.