Microsoft KB Archive/301193

= HOW TO: Set Up Remote Access for an Intranet in Windows 2000 =

PSS ID Number: 301193

Article Last Modified on 11/4/2003

-

The information in this article applies to:


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q301193



IN THIS TASK

 * SUMMARY
 * ** Installing the Remote Access Server
 * *** To Enable the Routing and Remote Access Service
 * Setting Up a Client for Dial-Up Access
 * Granting Access to Remote Access Servers
 * *** To configure User Dial-in Access in Active Directory
 * Establishing a Remote Connection
 * Troubleshooting
 * *** Not All of the User's Dial-in Configuration Settings Are Available
 * Users Can Contact the Server, But Are Not Authenticated



SUMMARY
This step-by-step guide describes how users can connect to an internal network from remote locations and have access to common services such as File and Print sharing, Web server access, and messaging. Unauthorized users should be denied permissions to access such services.

back to the top

Installing the Remote Access Server
The Routing and Remote Access service is installed automatically during the installation of Windows 2000 Server, but it is disabled by default.

back to the top

To Enable the Routing and Remote Access Service
 Click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access. Click the server icon that matches the local server name in the left pane of the console. If the icon has a red circle in the bottom-left corner, the Routing and Remote Access service has not been enabled. If the icon has a green arrow pointing up in the bottom-left corner, the Routing and Remote Access service has been enabled. If the Routing and Remote Access service was previously enabled, you may want to reconfigure the server. To reconfigure the server:  Right-click the server object, and then click Disable Routing and Remote Access. Click Yes to continue when you are prompted with an informational message. Right-click the server icon, and then click Configure and Enable Routing and Remote Access to start the Routing and Remote Access Server Setup Wizard. Click Next to continue. Click Remote Access server to enable remote computers to dial in to this network. Click Next to continue.  Verify that all of the protocols that are required by services that are required by remote users appear in the list of available protocols. If this is the case, click Yes, all of the required protocols are on this list. Click Next to continue.</li> If the server has multiple network adapters, the wizard opens the Network Selection window so that you can specify the network that should be used by remote clients. (If the server has only one network adapter, the wizard automatically moves to step 7.) Click the appropriate network, and then click Next to continue.</li> In the IP Address Assignment window, Automatically if a DHCP server will be used to assign addresses to remote clients, or click From a specified range of addresses if remote clients should only be given an address from a pre-defined pool. In most cases, the DHCP option is simpler to administer. However, if DHCP is not available, you must specify a range of static addresses. Click Next to continue.</li> If you clicked From a specified range of addresses, the wizard opens the Address Range Assignment window. Click New. Type the first IP address in the range of addresses that you want to use in the Start IP address box. Type the last IP address in the range in the End IP address box. Windows calculates the number of addresses automatically. Click OK to return to the Address Range Assignment window. Click Next to continue.</li> Accept the default setting of No, I don't want to set up this server to use RADIUS now, and then click Next to continue. Click Finish to enable the Routing and Remote Access service and to configure the server as a Remote Access server.</li></ol>

After you set up the server to receive dial-up connections, you need to set up a remote access client connection on the client workstation.

back to the top

Setting Up a Client for Dial-Up Access
To set up a client for dial-up access, follow these steps on the client workstation:
 * 1) Click Start, point to Settings, and then click Network and Dial-up Connections. Double-click Make New Connection, and then click Next to continue.
 * 2) Click Dial-up to private network to create the dial-up connection. Click Next to continue.
 * 3) Type the phone number for the Remote Access server. If the Remote Access server is in the same area code as the remote client, you do not need to type the area code. If the Remote Access server is in a different area code, click to select the Use dialing rules check box to make the Area code and Country/region code boxes available.
 * 4) Click For all users if you want to allow any user who logs on to the workstation to have access to this dial-up connection. Click Only for myself if you want this connection to be available only to the currently logged-on user. Click Next to continue.
 * 5) Leave the Enable Internet Connection Sharing for this connection check box cleared. Click Next to continue.
 * 6) In the Connection Name box, type a descriptive name for this connection, and then click Finish to save the connection.

back to the top

Granting Access to Remote Access Servers
You can use remote access policies to grant or deny authorization based on criteria such as the time of day and day of the week, the user's membership in Windows 2000-based security groups, or the type of connection that is requested. If a Remote Access server is a member of a domain, you can configure these settings by using the user's domain account.

If the server is a stand-alone server or a member of a workgroup, the user must have a local account on the Remote Access server.

back to the top

To configure User Dial-in Access in Active Directory

 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
 * 2) Right-click the user account, and then click Properties.
 * 3) Click the Dial-in.
 * 4) Click Allow access to grant the user permission to dial in. Click OK.

This completes the procedure, aside from testing to make sure that remote access is working as you expect.

back to the top

Establishing a Remote Connection
To connect to the server, follow these steps:
 * 1) Click Start, point to Settings, click Network and Dial-up Connections, and then double-click the new connection that you created.
 * 2) In the User Name box, type your user name. If the network to which you will be connecting has multiple domains, you may need to specify a domain name. If this is the case, use the  \  format in the User Name box.
 * 3) In the Password box, type your password.
 * 4) Check the phone number that is listed in the Dial box to make sure that it is correct. Make sure that you have specified any additional numbers that may be required to obtain an external line, dial long-distance, and so on.
 * 5) Click Dial to continue. The remote computer will connect to the Remote Access server, authenticate the user, and register the remote computer on the network.

back to the top

Troubleshooting
This sections describes how to troubleshoot some issues that you may have when you try to set up remote access for an intranet.

back to the top

Not All of the User's Dial-in Configuration Settings Are Available
If the Windows 2000-based domain is using Mixed mode, not all of the configuration options are available. Administrators can only grant or deny access to the user, and specify callback options (these are the access permission settings that are available in Microsoft Windows NT 4.0). The remaining options become available after the domain has been switched to native mode.

back to the top

Users Can Contact the Server, But Are Not Authenticated
Make sure that the user account has been granted permission to dial in and be authenticated with Active Directory as described in section 2. The Remote Access server must also be a member of the &quot;RAS and IAS Servers&quot; group.

back to the top

Keywords: kbhowto kbHOWTOmaster KB301193

Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.