Registrations are now open. Join us today!
There is still a lot of work to do on the wiki yet! More information about editing can be found here.
Already have an account?

Microsoft KB Archive/254172

From BetaArchive Wiki
Knowledge Base


Enabling the Challenge Handshake Authentication Protocol (CHAP)

Article ID: 254172

Article Last Modified on 3/1/2007



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server



This article was previously published under Q254172

SUMMARY

This article describes enabling the Challenge Handshake Authentication Protocol (CHAP) on a Microsoft Windows 2000-based remote access server.

MORE INFORMATION

To enable CHAP on a Windows 2000 remote access server, you must use the Routing and Remote Access snap-in and then select the appropriate setting on the 'Security' tab of the server properties.

For a stand-alone Windows 2000 remote access server, you must also enable Store password using reversible encryption for all users in the domain in the Local Computer Policy. To enable storage of passwords using reversible encryption, follow these steps:

  1. Start the Microsoft Management Console (MMC) and add the Local Computer Policy snap-in.
  2. In the Local Computer Policy MMC snap-in, go to:

    Local Computer Policy\Windows Settings\Security Settings\Account Policies\Password Policy

  3. In the right side of the MMC, double-click Store password using reversible encryption for all users in the domain.
  4. Click Enabled, and then click OK.

NOTE: Reversibly encrypted passwords are saved during the change-password process, so existing users must change their passwords to use CHAP. For a Windows 2000-based remote access server that is a member of a domain, you can select the Store password using reversible encryption for all users in the domain option on the domain server as described above.

Alternatively, you can enable reversible storage of passwords for individual users. By using the Directory Services snap-in, you can select this feature through the properties of an individual user. Again, note that reversibly encrypted passwords are saved during the change-password procedure, so existing users must change their passwords to use CHAP.


Additional query words: win2krelnotes

Keywords: kbinfo KB254172