Microsoft KB Archive/826156

= How to Configure Unauthenticated Access for the Routing and Remote Access Service or for Internet Authentication Service =

Article ID: 826156

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Server

-



Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

IN THIS TASK

 * SUMMARY
 * Windows 2000 Server
 * Configure Unauthenticated Access in Routing and Remote Access
 * Grant Remote Access Permission
 * Configure a Different Account for Unauthenticated Access
 * Windows Server 2003
 * Configure Unauthenticated Access in Routing and Remote Access
 * Grant Remote Access Permission
 * Configure a Different Account for Unauthenticated Access
 * References



SUMMARY
This article describes how to configure the Routing and Remote Access service or the Internet Authentication Service (IAS) to accept unauthenticated access. By default, the Routing and Remote Access service and the IAS service use the Guest account for unauthenticated access. This article discusses how to enable these services for unauthenticated access without using the Guest account.

back to the top

Configure Unauthenticated Access in Routing and Remote Access
To configure unauthenticated access in the Routing and Remote Access service, follow these steps:
 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
 * 2) Right-click  , and then click Properties.
 * 3) Click the Security tab, and then click Authentication Methods.
 * 4) In the Authentication Methods dialog box, click to select the Allow remote systems to connect without authentication check box in the Unauthenticated Access area, and then click OK.

back to the top

Grant Remote Access Permission

 * 1) On the authenticating server, in Routing and Remote Access or in Internet Authentication Service, click Remote Access Policies.
 * 2) In the right pane, right-click Allow access if dial-in permission enabled, and then click Properties.
 * 3) Click Grant remote access permission, and then click OK.
 * 4) Quit Routing and Remote Access or Internet Authentication Service.

back to the top

Configure a Different Account for Unauthenticated Access
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Create a user account to use for unauthenticated access. To do this, follow these steps:  Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers. Expand  , right-click Users, point to New, and then click User. Create the user account that you want to use for unauthenticated access. After the user account is created, right-click the user name, and then click Properties. Click the Dial-in tab. In the Remote Access Permission (Dial-in or VPN) area, click Allow access, click Apply, and then click OK. QuitActive Directory Users and Computers.</li> On your authenticating server, click Start, click Run, type regedit, and then click OK.

Depending on your configuration, the authenticating server is either the Routing and Remote Access server or the Internet Authentication Service server.</li> Expand the following registry key:

</li> Right-click, point to New, and then click String value.</li> Type Default User Identity, and then press ENTER to name the new value.</li> Double-click .</li> In the Value data box, type the name of the user account that you want to use for unauthenticated access, and then click OK.</li> Quit Registry Editor.</li></ol>

Note Changes to the registry setting do not take effect until you restart the Routing and Remote Access service or until you restart Internet Authentication Service.

back to the top

Configure Unauthenticated Access in Routing and Remote Access
To configure unauthenticated access in the Routing and Remote Access service, follow these steps:
 * 1) Click Start, point to Administrative Tools, and then click Routing and Remote Access.
 * 2) Right-click  , and then click Properties.
 * 3) Click the Security tab, and then click Authentication Methods.
 * 4) In the Authentication Methods dialog box, click to select the Allow remote systems to connect without authentication check box in the Unauthenticated Access area, and then click OK.

back to the top

Grant Remote Access Permission

 * 1) On the server that authenticates dial-in access, click Routing and Remote Access in Routing and Remote Access or in Internet Authentication Service, double-click  , and then click Remote Access Policies.
 * 2) Right-click Connections to Microsoft Routing and Remote Access server, and then click Properties.
 * 3) Under Policy Conditions, click the policy that you want to enable unauthenticated access for, and then click Edit Profile.
 * 4) Click the Authentication tab, click to select the Allow clients to connect without negotiating an authentication method check box in the Unauthenticated access area, and then click OK.
 * 5) You receive a message that prompts you to view the Help topics. Click No.
 * 6) Click Grant remote access permission, click Apply, and then click OK.
 * 7) Quit Routing and Remote Access or Internet Authentication Service.

back to the top

Configure a Different Account for Unauthenticated Access
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Create a user account to use for unauthenticated access. To do this, follow these steps: <ol> Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.</li> Expand  , right-click Users, point to New, and then click User.</li> Create the user account that you want to use for unauthenticated access.</li> After the user account is created, right-click the user name, and then click Properties.</li> Click the Dial-in tab.</li> In the Remote Access Permission (Dial-in or VPN) area, click Allow access, click Apply, and then click OK.</li> QuitActive Directory Users and Computers.</li> On your authenticating server, click Start, click Run, type regedit, and then click OK.

Depending on your configuration, the authenticating server is either the Routing and Remote Access server or the Internet Authentication Service server.</li> Expand the following registry key:

</li> <li>Right-click, point to New, and then click String value.</li> <li>Type Default User Identity, and then press ENTER to name the new value.</li> <li>Double-click .</li> <li>In the Value data box, type the name of the user account that you want to use for unauthenticated access, and then click OK.</li> <li>Quit Registry Editor.</li></ol>

Note Changes to the registry setting do not take effect until you restart the Routing and Remote Access service or until you restart Internet Authentication Service.

back to the top

<div class="references_section">