Configuring Dial-In
Properties of the User Account
Dial-in
properties, which apply both to direct dial-up and VPN connections, are
configured on the Dial-In tab of the user account properties dialog box.
If a user is dialing in to a domain, a user account corresponding to
the name sent through the dial-up connection must already exist in the
domain. Dial-in properties for this account can thus be configured in
the Active Directory Users And Computers console. If the user is dialing
in to a stand-alone server, however, the account must already exist as a
user account in the answering server’s local SAM. Dial-in properties
for this account can thus be configured in the Local Users And Groups
console in Computer Management.
Figure 1
shows the Dial-In tab of the user account properties, which is
described in the next section.
Remote Access
Permission (Dial-Up or VPN)
You can set the remote access permission for
user accounts to any one of the three following levels. In all server
environments except Active Directory domains whose functional level is
Windows 2000 mixed, the Control Access Through Remote Access Policy
option is enabled by default.
Control Access
Through Remote Access Policy
This particular
option neither blocks nor allows dial-up access for the user. Instead,
it specifies that access permissions for the user be determined by first
matching the remote access policy applied to the connection. (By
default, remote access policies block all remote access connections.)
Deny Access
When you select the
Deny Access option, dial-up access for the user account is blocked
regardless of other settings or policies applied to the account.
Allow Access
When
you select the Allow Access option, dial-up remote access for the user
account is permitted, overriding the remote access permission setting in
remote access policies. Note that the Allow Access setting does not
always prevent remote access policies from blocking remote access; a
remote access policy can still restrict the account’s remote access
through the remote access policy profile. For example, dial-up hours
specified in a remote access policy profile might prevent a user account
from connecting in the evening hours even when the Allow Access option
has been set for the dial-in properties of the user account. However,
the Allow Access option specifies that the Deny Remote Access Permission
setting in remote access policies is ignored.
Important
By default,
Active Directory domains in Windows Server 2003 are installed at the
Windows 2000 mixed-mode domain functional level. In this server
environment, only Allow Access and Deny Access remote access permissions
are available for user accounts. In this case, the Allow Access setting
is the default and is the equivalent of the Control Access Through
Remote Access Policy setting in all other server environments. No
setting at this functional level allows you to override user-level
remote access permissions in remote access policies. |
Verifying Caller
ID
If the Caller ID check
box is selected, the server verifies the caller’s phone number. If the
caller’s phone number does not match the configured phone number, the
connection attempt is denied.
Caller ID must be
supported by the caller, the phone system between the caller and the
remote access server, and the remote access server. On a computer
running the Routing And Remote Access service, caller ID support
consists of call answering equipment that provides caller ID information
and the appropriate Windows driver to pass the information to the
Routing And Remote Access service.
If you configure a caller
ID phone number for a user and you do not have support for the passing
of caller ID information from the caller to the Routing And Remote
Access service, connection attempts will be denied.
Exploring
Callback Options
By default, this
setting is configured as No Callback. If the Set By Caller option is
selected, the server calls the caller back at a number specified by the
caller. If the Always Call Back To option is selected, an administrator
must specify a number that the server will always use during the
callback process.
Tip
The callback
feature requires Link Control Protocol (LCP) extensions to be enabled
in Routing And Remote Access server properties. (They are enabled by
default.) |
Assigning a
Static IP Address
You
can configure the Assign A Static IP Address setting to assign a
specific IP address to a user when a connection is made.
Off the Record
Internet service
providers use the Assign A Static IP Address feature to provide
customers with a reserved IP address at an extra cost. Now that you know
how easy a reserved IP address is to configure, don’t let your ISP
charge you an exorbitant fee for one! |
Applying Static
Routes
You can use the Apply
Static Routes setting to define a series of static IP routes that are
added to the routing table of the server running the Routing And Remote
Access service when a connection is made.
