Special Edition Using Microsoft BackOffice, Volume I



Chapter 12

Implementing Remote Access Service (RAS)

by David O'Leary

Learn procedures for installing RAS-related hardware, including multiport hardware, connection devices, and X.25 smart cards. Learn how to configure your COM ports and modems to maximize throughput.
Walks through the steps involved in the RAS installation process. Detailed information is presented on all available options to help you customize your RAS installation to the needs of your enterprise.
Gain a detailed understanding of RAS configuration options. Learn how to add devices to your RAS Server and configure them for dialing out, receiving calls, or both. Learn how to configure networking protocols to maximize response time and minimize errors and unnecessary transmissions.
Learn to use the Remote Access Admin tool to administer and monitor RAS servers throughout your enterprise. Learn to configure RAS security options to protect your server and domain from unauthorized intrusions. Learn to use the Remote Access Admin tool to start, stop, and pause the Remote Access Service, and to monitor and administer connections, users, and ports.

This chapter describes the installation and configuration procedures for Microsoft's Remote Access Service (RAS). The Remote Access Service enables authorized users to connect to your corporate network from remote locations, such as their homes, customer sites, and hotel rooms. Once connected, users can copy files, view data, send and receive e-mail, and access all network services as if they were directly connected to your LAN. This chapter provides you with the procedures and detailed information you need to get the Remote Access Service running and to keep it running reliably. For more information about RAS and how it can be used, see Chapter 11, "An Inside Look at Remote Access Service (RAS)."


NOTE: This chapter assumes that you will be setting up RAS on a Windows NT 4.0 Server; however, you will find that the setup and administration utilities for Windows NT 4.0 Workstation are identical, although limited in the allowed number of concurrent connections. Also, on the server side, the Windows NT 3.51 RAS utilities are very similar.

RAS can be installed automatically as a part of the initial Windows NT Server installation or after the initial Windows NT Server installation by using the Network applet in the Control Panel. The remaining portion of this chapter assumes that RAS was not installed during installation of Windows NT Server and that you now have a requirement to install it on the server.


NOTE: To be able to add and configure devices and change configuration parameters for networking, you must be logged on as a user with administrative rights to the local machine.

The chapter begins by presenting information on installing the hardware required for your RAS server. This section covers hardware for both basic and advanced RAS configurations. Information is presented for the installation and configuration of COM ports, modems, multiport hardware, and X.25 smart cards. You can skip this section if your hardware has already been properly set up and configured and is working properly.

Installing the Required Hardware

This section provides general information and guidelines on how to set up and configure RAS-related hardware under Windows NT 4.0. This section assumes that you have already chosen your hardware and that the necessary data lines are already in place. Refer to Chapter 11 for information on choosing hardware. The following devices are discussed:


NOTE: Except for modems, most RAS-related devices are considered to be networking adapters. As such, they can be found, installed, and configured from the Adapter tab of the Network applet in the Control Panel.

Installing Multiport Hardware

If you plan on connecting more than two modems to your RAS server, you should consider using multiport hardware. Multiport hardware provides additional serial port connections, requires only a single interrupt, and, depending on which multiport device you choose, usually handles much of the processing load involved in supporting multiple modems. For more detailed information on multiport hardware and its uses, refer to Chapter 11. To install your multiport device, follow these steps:

  1. Open the Control Panel.

  2. Double-click the Network icon.

  3. Select the Adapters tab (see Figure 12.1).
    FIG. 12.1
    The Adapters tab of the Network Settings dialog box shows currently used network adapters.

  4. In the Adapters tab, click the Add button to bring up the list of available network adapters. Windows NT will take a few seconds to build the available network adapter list; you should then see a list like the one displayed in Figure 12.2.
    FIG. 12.2
    Windows NT displays a list of available network adapters in the Select Adapters dialog box.


NOTE: Although Windows NT supplies many drivers for the most common multiport hardware, you should ensure that you have the latest Windows NT 4.0 driver. Often, the best place to get this is from the hardware manufacturer's World Wide Web page or FTP site. This will be a very important part of your setup. If you get it right the first time, it could save you many future headaches.

  5. If you have a driver from the manufacturer, click the Have Disk button. This brings up the Insert Disk dialog box. Type in the path to your driver and hit OK.

  6. If you do not have the driver, select your hardware from the list and click OK.

  7. Configuration settings are a part of the driver provided for the particular hardware device and therefore vary widely. Consult any information the manufacturer supplies or contact the manufacturer directly for information on configuring their hardware on a Windows NT 4.0 Server.

Installing an X.25 Smart Card

X.25 smart cards, also known as X.25 pads, enable you to connect to an X.25 packet-switched network. X.25 pads are often used in implementing a wide area network (WAN) over a public data network (PDN). Because installation and setup procedures vary widely for X.25 adapters, you should refer to your hardware manufacturer's instructions or contact your hardware manufacturer for setup and configuration information under Windows NT 4.0.

In general, you will install the X.25 adapter from the Adapters tab of the Network applet in the control panel. Follow the steps given for installing multiport hardware. To ensure reliable communication, make sure you have the latest driver from the manufacturer.

Configuring Your Serial Ports


NOTE: If you are using multiport hardware, refer to the manufacturer's documentation for instructions on configuring its COM ports.

COM ports provide your computer with a way to communicate with external devices, such as modems. However, a COM port can also be used to communicate with an internal device, such as an internal modem. If you plan to attach a modem directly to your machine, whether internally or externally, you will need to use an available COM port and configure it to match your modem's settings. This section gives detailed information on all involved configuration settings and suggests commonly used settings.

COM ports can be configured using the Control Panel of the Windows NT Server (or Workstation). To maximize your chances for successful modem connections the first time, know your modem's communication parameters before starting this procedure.

Follow these steps to configure your COM ports for RAS:

  1. Open the Control Panel.

  2. Double-click the Ports icon.

  3. Click the COM port to be configured, and double-click Settings to display the Settings dialog box, as shown in Figure 12.3. The initial settings displayed will be the Windows NT Server default settings or, if the port had been previously configured, the settings from the previous configuration.
    FIG. 12.3
    The Settings dialog box displays, and enables editing of, the current settings of the selected COM port. Click Advanced to see the advanced settings for COM1.

  4. Set the baud rate to its highest available speed (see the following Note). This is necessary because if compression is enabled, the effective throughput can far exceed the actual throughput. For a 28.8 modem using the V.34 communication protocol, which defines a hardware compression ratio of four to one, the effective throughput can be as high as 115,200 Bps. (See Chapter 11 for additional details.) The goal is to always keep the modem's buffer filled with information to send out. If the modem's transfer rate is higher than the serial port's, the modem may end up waiting for data to send. Proper flow control settings should keep the buffer from being overfilled.


    NOTE: Most modern machines, particularly servers, should have a 16550 or 16550AF UART chip that supports baud rates up to 115 Kbps. However, if you have an older machine with a 16450 UART chip, the maximum baud rate is 19,200 Bps.

  5. Select the number of data bits you want to transmit for each character by clicking the Data Bits drop-down list box. The choices are 4, 5, 6, 7, and 8. Eight is recommended.

  6. Select the error-checking method by clicking the Parity drop-down list box. Available choices are Even, Odd, None, Mark, and Space. A typical choice is None.

  7. Select the number of Stop bits. This setting controls the number of timing units allowed to pass between each transmitted character. Available choices are 1, 1.5, and 2. One is recommended.

  8. Select the Flow Control method by clicking the Flow Control drop-down list box. Flow control defines how the modem communicates with its attached computer. Available choices are Xon/Xoff, Hardware, and None. Hardware flow control tends to be the most reliable method.

  9. If you need to change the advanced settings, click Advanced to display the Advanced Setting dialog box, as shown in Figure 12.4. Advanced settings can be used to resolve resource conflicts resulting from multiple resources using the same interrupt or multiple devices assigned to the same address. Normally, the default advanced settings will be sufficient to match the capabilities of your modem. If they are not, consult your modem's documentation or contact the hardware manufacturer to determine the advanced settings to use. When you are satisfied with the advanced settings, click OK.
    FIG. 12.4
    The default settings in the Advanced Setting dialog box are usually sufficient for most remote communication sessions and serial port configuration requirements.

  10. Click OK to close the Settings dialog box. Repeat step 3 through step 10 to configure additional serial ports.

  11. Click Close to close the Ports dialog box.

When you have completed this procedure, the COM ports should be configured to properly support your modems.

Installing Your Modems

Modems are the backbone of any RAS setup. Ensuring that you have the right modems for the job and that they are properly installed and configured will be key to the success of your RAS implementation. This section is intended to give you the information you need to make the right choices to ensure that you get the maximum reliability and bandwidth from your modems. The following steps will take you through the necessary steps to do this:

  1. If the modem is an internal modem, you first need to verify that its COM port and IRQ settings match available COM port and IRQ settings on your computer. Refer to your modem's documentation for checking and adjusting these settings on your modem. Available resources under Windows NT can be checked from the Resources tab of the Windows NT Diagnostics applet. Once all settings are properly chosen, turn the computer off and insert the modem into an expansion slot.

  2. If the modem is an external modem, connect it to a serial port (see the following Note) and turn it on. At least one light should be lit to indicate that the modem has power.


    NOTE: If you are connecting an external modem to one of the existing ports on the back of your computer, you should, if possible, use a 25-pin, DB-25 serial port with a 25-pin cable. DB-25 connectors are generally found on most modems and other data communication equipment (DCE) because the serial communication standard, known as RS-232, describes a set of signals that requires a 25-pin cable to carry them.

    On the other hand, many modern modem protocols, such as v.34, have embedded the advanced functionality provided by the additional pins within the basic communication protocol and, therefore, require only a nine pin connection (DB-9).


  3. Open the Control Panel.

  4. Double-click the Modems icon. This displays the Modems Properties dialog box, as shown in Figure 12.5.
    FIG. 12.5
    The Modems Properties dialog box enables you to add and remove modems and view and edit each modem's configuration settings.

  5. Click the Add button to display the Install New Modem dialog box.

  6. If you do not want Windows NT to detect the modem, check the Don't Detect my Modem; I Will Select It from a List Box (see the following Note), then click Next. If you want to choose your modem from the list, skip to step 9.


    NOTE: Windows NT does a good job of detecting what kind of modem you have and the COM port to which it is attached. If it is unable to detect your modem, there is most likely a problem with your modem, its physical setup, or its COM port settings.

  7. RAS Setup begins searching for your modem by sending signals to available IRQs and looking for a response. When it receives a response from an attached device, it will continue to query the device to find out what type of device it is. (If you have an external modem, you should see the send and receive lights flickering while this happens.) If it finds a modem, it will determine its make and model number and the COM port to which it is attached. You should see information similar to that shown in Figure 12.6 as RAS Setup progresses through the detection process.
    FIG. 12.6
    The detection process indicates RAS Setup status as it progresses through performing queries of each COM port.

  8. This could take a couple minutes, particularly if you have several modems attached to multiport hardware. Once all COM ports have been queried and one or more modems found, the RAS Setup Wizard will display a screen like that shown in Figure 12.7.
    FIG. 12.7
    The RAS Setup Wizard displays information on detected modems.

  9. The Modem Setup Wizard will display the first device it found. If several modems were found, then clicking Next brings you to the next device. For each device, the wizard displays the modem name and the attached COM port. If the modem was detected incorrectly, click the Change button and proceed to step 8. If all modems were detected correctly, then skip to step 10.

  10. If the wizard was unable to detect your modem or no new modems were found, the wizard will display an appropriate message and enable you to select the modem from the list of available modems by clicking Next.

  11. You should now be looking at the Install New Modem screen of the RAS Setup Wizard. Select the manufacturer and model from the list or, if your modem or manufacturer is not listed and/or you have an updated Windows NT 4.0 driver from the manufacturer, click the Have Disk button and enter the path to the driver, as shown in Figure 12.8. Once the proper modem is selected, click Next.
    FIG. 12.8
    Setup enables you to use a manufacturer's driver by entering the path to the required files.

  12. Select the COM port that the modem is attached to, and click Next.

  13. Windows NT will take a few seconds to install the required files and may require the Windows NT 4.0 Server CD to be placed in your CD-ROM drive. Once this is finished, the wizard displays a success message and the Next button changes to a Finished button.

  14. Click Finish to exit the Modem Setup Wizard.

Your modem should now be properly installed. Proceed to the next section to configure your modem for your RAS installation.

Configuring Your Modem(s)

Your modem's configurable properties are determined by the driver selected when you installed your modem. Because the Properties dialog box is derived from this driver, the look and configurable settings will vary according to the type, brand, and model of the selected device. Because configurable settings may vary widely, this section will not be able to give you specific instructions as to how to configure your modem. For this reason, you should refer to your hardware manufacturer's documentation for details about your modem's configuration settings. Also, you can refer to Chapter 11, "An Inside Look At Remote Access Service (RAS)," for explanations of applicable settings and protocols, such as flow control, error detection and handling, and compression.


NOTE: In many cases, if you found the appropriate drivers for your modems, the default settings should be sufficient.

To open the modem's Properties dialog box, follow these steps:

  1. If the Modem Properties dialog box is not already showing, open it by selecting the Modems icon from the Control Panel.

  2. Select the modem you want to configure and press the Properties button to bring up the modem's properties.

  3. Select the desired settings. (Refer to your hardware manufacturer's documentation and to Chapter 11 for additional information about specific settings.)

At this point, all required hardware should be installed and working properly. It would be wise to test it to verify that it is properly set up and working before installing the RAS software. You can use software supplied with your modem or a program called HyperTerminal, which is supplied with both Windows NT and Windows 95. HyperTerminal can be found in the Accessories group of your Start menu. If the Setup Wizard successfully detected your modem, you should not have to worry about testing other than to ensure that your phone cords are properly attached and working.

Installing RAS Software

This section walks you through the steps for installing the RAS software on your server. It presents detailed explanations of the choices offered to help you make an informed decision.

You will need the Windows NT Server CD-ROM for copying RAS files to your machine. Follow these steps to install RAS:

  1. Open the Control Panel.

  2. Double-click the Network icon in the Control Panel to display the Network dialog box.

  3. Click the Services tab (see Figure 12.9).
    FIG. 12.9
    The Network Services tab enables you to add, remove, and configure network services.

  4. Click the Add button to display a list of available network services, as shown in Figure 12.10.
    FIG. 12.10
    The Select Network Service dialog displays a list of available network services.

  5. Select Remote Access Service from the list, and click OK. This displays the Windows NT Setup dialog box.

  6. Enter the path to your Windows NT 4.0 Server CD-ROM and click Continue. Windows NT will begin copying the necessary files for RAS to the appropriate directory on your hard drive.

  7. When the copy process has been completed, RAS Setup displays the Add RAS Device dialog box, as shown in Figure 12.11. If you installed your modems earlier, they should all be listed in the RAS Capable Devices combo box. If you did not install your modems, click Install Modem and follow the modem installation instructions given in the "Installing Your Modems" section earlier in this chapter.
    FIG. 12.11
    The Add RAS Device dialog box enables you to add RAS devices by selecting from existing RAS-capable devices.

  8. Choose one device and click OK. This takes you to the Remote Access Setup dialog box. At this point, the software has been successfully installed and the configuration section begins.


NOTE: Do not hit the Continue button yet; you still need to configure your modem and network settings. If you leave now, the Setup program will go through binding the service to networking protocols and several other configuration steps and then tell you to reboot the machine before you have even configured RAS to your liking.

Configuring RAS

The Remote Access Setup dialog box enables you to add, remove, and configure RAS devices, and it lets you view and edit RAS network settings. If the Remote Access Setup dialog box, shown in Figure 12.12, is not already displayed, open it by opening the Network icon from the Control Panel, selecting the Services tab, and double-clicking the Remote Access Service entry in the Network Services list.

FIG. 12.12

The Remote Access Setup dialog box displays a list of the current RAS devices. Any devices that you have previously installed should be listed in the Port/Device/Type box.

Adding, Removing, Cloning, and Configuring RAS Devices

The four buttons displayed at the bottom of the dialog box enable you to configure your ports and communication devices for use with RAS. The following list provides a description of these buttons:

To add devices, perform the following steps:

  1. From the Remote Access Setup dialog box, click the Add button (or you can select an existing device and click the Clone button to copy all of its settings to a device entry).

  2. Select an available device from the list; if no more RAS devices are available, you can click the Install Modem button to install additional modems. You can also install an X.25 Pad from this screen by clicking the Install X.25 Pad button.

  3. Click OK to add this device and return to the Remote Access Setup dialog box.


NOTE: For each device that you add, make sure you click Configure to choose how that device will be used.

The Clone button is particularly useful if you have several modems of the same type connected to multiport hardware. To clone a RAS device, perform the following steps:

  1. Install all modems whose settings you want copied.

  2. Select a modem from the RAS Setup dialog box whose configuration properties you want to be cloned to similar, installed modems. If no devices exist, follow the steps listed above for adding and configuring RAS devices.

  3. Press the Clone button. The Setup program will process the list of installed RAS-capable devices that haven't been added yet and add each similar modem to the list of devices with the same configuration as the original selection. If the Setup program could not find any new modems similar to the selection, a message is displayed stating, "There are no more ports of the specified type to clone."

To configure a RAS device, perform the following steps:

  1. Click a modem in the device list box to select it (if it is not already selected), and then click Configure. The Configure Port Usage dialog box, illustrated in Figure 12.13, appears.
    FIG. 12.13
    The Configure Port Usage dialog box enables you to select usage options for a communication device.

  2. In the Configure Port Usage box, select whether the device will be used to receive calls, to dial out, or both (though not simultaneously).


    TIP: You can use RAS for receiving calls and dialing out simultaneously by using multiple modems. A good method for testing your RAS installation, if you have multiple modems and lines, is to call your RAS server from your RAS server, thereby testing both the dial-out and receiving components.

  3. Click OK in the Settings dialog box. Then click OK in the Configure Port dialog box to finish your device installation.

Once your ports have been configured to your liking, you need to configure your RAS network settings. The next section explains how to do this.

Network Protocol Configuration for RAS

The Network button on the Remote Access Setup dialog box brings you to the RAS Network Configuration dialog box, as shown in Figure 12.14. This dialog box allows you to select which networking protocols to use for both the client and the server. Client settings will only be enabled if you have at least one modem configured for dial-out. The server section will not even be seen unless you have at least one modem configured for receiving calls.

FIG. 12.14

The Network Configuration dialog box enables you to configure networking options for RAS. Server settings will only be visible if you have at least one modem configured for dial-out. Client settings will be grayed if no modems are configured for dial-out.

For both dialing out and receiving calls, you will need to choose the networking protocols to use. The available options are listed and explained as follows:

See "NetBEUI," [Ch 4]

See "Transmission Control Protocol/Internet Protocol (TCP/IP)," [Ch 4]

See "Internet Packet Exchange/Sequenced Package Exchange (IPX/SPX)," [Ch 4]

Configuring Dial-Out Protocols

In the Dial-Out Protocols section at the top of the Network Configuration dialog box, check the appropriate boxes for enabling different dial-out protocols based on your preferences. This section only enables you to choose which protocols to use; setting the parameters of these protocols can be done with the RAS client software supplied with Windows NT or whatever operating system is being used. Client software is covered in Chapter 13, "Implementing Dial-Up Networking Clients."

Configuring RAS Server Network Protocol Settings

The options available under Server Settings enable you to determine and configure your RAS server's available networking protocols and encryption settings. The choice of protocols depends on your enterprise needs and available protocols being used on your existing network. Do not enable any unnecessary network protocols, as each protocol requires additional network bandwidth and can cause significant performance loss as additional queries must be issued when locating a network resource.


TIP: The RAS clients can also specify what protocols they want to use for remote connectivity to prevent unnecessary overhead. (Usually, just one is needed.)

Configuration options and procedures for each of the available networking protocols are discussed in the following sections.

NetBEUI

If you want to have users connect to your RAS server (and optionally, the corporate network) using NetBEUI, perform these steps:

  1. To allow NetBEUI connections to your RAS server, check the NetBEUI check box in the Server Settings section of the Network Configuration dialog box.

  2. Click the Configure button adjacent to the NetBEUI option. The RAS Server NetBEUI Configuration dialog box appears (see Figure 12.15).
    FIG. 12.15
    NetBEUI connectivity options for the RAS server can be configured through the NetBEUI Configuration dialog box.

  3. Choose whether to allow full network access or access to the RAS Server only for remote NetBEUI clients.

  4. Click OK to save your NetBEUI Configuration settings.

The Network Configuration dialog box reappears so that you can configure additional protocols.

TCP/IP

To configure Transmission Control Protocol/Internet Protocol, perform the following steps:

  1. To allow TCP/IP connections, check the TCP/IP option.

  2. Click the Configure button to display the TCP/IP Configuration dialog box, as shown in Figure 12.16.
    FIG. 12.16
    The TCP/IP Configuration dialog box enables you to select TCP/IP settings for connections to your RAS server.


    NOTE: Each protocol Configuration dialog box contains a section for enabling network access options for the selected protocol.

  3. Choose whether to allow full network access or access to the RAS Server only for remote TCP/IP Clients.

  4. Select the method of assigning IP addresses to dial-in remote clients. One of three alternatives is possible, as follows:

Click OK to close the RAS Server TCP/IP Configuration dialog box and complete your TCP/IP configuration for RAS.

The Network Configuration dialog box reappears so that you can configure additional protocols.

See "Dynamic Host Configuration Protocol (DHCP)," [Ch 9]

IPX

The IPX check box enables you to configure the options for enabling IPX/SPX connections using RAS. To configure IPX, follow these steps:

  1. Check the IPX check box in the Server Settings area of the Network Configuration dialog box.

  2. Click the adjacent Configure button to display the RAS Server IPX Configuration dialog box, as shown in Figure 12.17.
    FIG. 12.17
    RAS allows you to select specific connectivity options for IPX through the IPX Configuration dialog box.

  3. Choose whether to allow full network access or access to the RAS Server only for remote IPX clients.

  4. Select a method for allocating IPX network numbers. One of four alternatives is possible, as follows:
    • Allocate Network Numbers Automatically: RAS software uses the NetWare Router Information Protocol (RIP) to determine unique network numbers that are available for allocation. The RAS Server then allocates that number to the remote client. This method is useful because it requires the least administration overhead for assigning IPX addresses.

    • Allocate Network Numbers: This is the manual method of allocating the network numbers. This method can be the best choice if you want to have more control over network number assignments for security and monitoring purposes. To exercise this alternative, simply click the appropriate option button and then enter the first network number in the From box. The RAS Server automatically calculates the ending number for you based on number of available ports.

    • Assign Same Network Number to All IPX Clients: Enable this check box to assign the same network number to all IPX clients using either the automatic or manual methods.

    • Allow Remote Clients to Request IPX Node Number: Enable this check box to allow remote clients to request a specific IPX number. This method presents a potential security risk. It enables a remote client to use a previously connected client's node number and potentially impersonate his or her access privileges.

  5. Click OK to close the RAS Server IPX Configuration dialog box.

See "Internet Packet Exchange/Sequenced Package Exchange (IPX/SPX)," [Ch 4]

User Authentication Settings

This section discusses the encryption techniques used by RAS for authenticating user logon and password information. Encryption settings are one aspect of the RAS security options used to prevent unauthorized users from gaining access to your server and/or domain. Users can only log on to your RAS server if they are using a RAS-enabled account for the domain. Encryption settings are used to prevent someone from capturing logon and password information by "listening in" to a logon session. To set encryption options, perform the following steps:

  1. If you performed the steps in the previous section, you should already have the RAS Network configuration (refer to Figure 12.14). If not, from the Remote Access Setup dialog box, click the Network button. This will display the RAS Network Configuration dialog box.

  2. In the Server Settings area, select an encryption setting. The possible encryption options are as follows:
    • Allow Any Authentication Including Clear Text: Enabling this option button permits remote clients to connect using clear text based authentication. This method presents a security risk because the logon ID and password are transmitted over an unsecured connection using regular text.

    • Require Encrypted Authentication: Enabling this option button permits remote clients to connect using encrypted authentication. This method encrypts the logon ID and password before transmission over the connection line.


    NOTE: With Require Encrypted Authentication selected, Microsoft supports a variety of encryption algorithms including MS_CHAP, DES, and SPAP. To force the use of MS_CHAP, the most secure password authentication protocol supported by RAS, select Require Microsoft Encrypted Authentication. All the above protocols are described in Chapter 11, "An Inside Look at Remote Access Service (RAS)."

    • Require Microsoft Encrypted Authentication: Enabling this option button permits connection using the Microsoft security model. The logon ID and password are authenticated by the Windows NT Server logon service.

  3. Enable the Require Data Encryption check box if you require all data (not just the logon ID and password) sent over the remote link to be encrypted. This option is only available when the Require Microsoft Encrypted Authentication option is enabled. Otherwise, it is grayed out and unavailable.


    NOTE: As discussed in Chapter 11, RAS uses the RC4 encryption algorithm for encrypting and decrypting data. RC4 is popular because of its speed and proven security. As RC4 does require some rather involved computations for encryption, it will slow system performance somewhat. If you are not transmitting sensitive information, you can improve performance by leaving this option disabled.

  4. Click OK in the Network Configuration dialog box and finish your RAS configuration. The Remote Access Setup dialog box reappears.
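
The difference between the clear text and encrypted authentication options above, seen from the position of someone listening on the line, is shown in this added example (not code from the book or from RAS). It uses the standard RFC 1994 CHAP calculation as a generic challenge-response scheme, not MS_CHAP, and the account, password, and clear-text framing are constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample account, not a real credential.
ACCOUNTS = {"jsmith": b"Sample-Pass-1"}


def cleartext_logon(user, password):
    """Clear-text logon: the bytes on the line contain the password itself."""
    wire = user.encode() + b"\x00" + password  # simplified framing (assumption)
    return wire, hmac.compare_digest(ACCOUNTS.get(user, b""), password)


def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapServer:
    """Issues a fresh random challenge per logon and checks the response."""

    def __init__(self):
        self._pending = {}  # identifier -> challenge, consumed on first use

    def challenge(self, ident):
        self._pending[ident] = os.urandom(16)
        return self._pending[ident]

    def verify(self, ident, user, response):
        challenge = self._pending.pop(ident, None)
        secret = ACCOUNTS.get(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)


def capture_both_logons():
    """Return what a listener on the line would record in each mode."""
    wire, clear_ok = cleartext_logon("jsmith", b"Sample-Pass-1")
    server = ChapServer()
    c1 = server.challenge(1)
    r1 = chap_response(1, b"Sample-Pass-1", c1)
    first_ok = server.verify(1, "jsmith", r1)
    # The captured response is bound to its challenge, so sending it again
    # against the next logon's fresh challenge is rejected.
    server.challenge(2)
    replay_ok = server.verify(2, "jsmith", r1)
    return {"clear_wire": wire, "clear_ok": clear_ok, "chap_wire": c1 + r1,
            "first_ok": first_ok, "replay_ok": replay_ok}
```

A captured challenge and response can still be tested against guessed passwords offline, so strong passwords remain necessary even with encrypted authentication.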

The final setting in the Network Configuration dialog box is the Enable Multilink check box. Multilink allows one network session to occur over multiple physical connections. The most common use of multilink is to bundle the two B-channels of an ISDN modem into a single logical connection. Multilink can also be used to bundle any two modems together to increase bandwidth.

See "RAS Multilink PPP," [Ch 11]

All configuration steps should now be complete. To finish your installation, perform the following steps:

  1. Click Continue in the Remote Access Setup dialog box to complete RAS setup and redisplay the Windows NT Setup dialog box containing the path to the installation files.

  2. Click Continue in the Windows NT Setup dialog box after verifying that the displayed path to the Windows NT Server installation files is still correct. Setup copies additional files based upon the previously selected protocols and settings for the ports and modems to be used with RAS.

  3. When the copy process is complete, the Windows NT Setup dialog box containing the path to the installation files appears again. Click Continue again to close the Windows NT Setup dialog box and display the Remote Access Service Setup message box informing you that the Remote Access Service has been installed.

  4. When you have finished reading the information in the Remote Access Service Setup message box, click OK to close the box and redisplay the Network Settings dialog box.

  5. Click OK to update the network settings, configurations, and bindings.

  6. When the network has been updated and reconfigured, the Network Settings Changed message box appears informing you that the network settings have changed and that you must exit and restart Windows NT Server for the new settings to take effect. Either click Restart Now to automatically exit and restart Windows NT Server immediately, or click Don't Restart Now to close the message box and redisplay the Control Panel window.

  7. If you clicked Don't Restart Now, close Control Panel. RAS will start after the next server restart.

The installation and configuration of your RAS server is now complete.

Using the Remote Access Admin Tool

The Remote Access Admin tool included with RAS enables you to set user permissions and monitor active connections on RAS servers throughout your enterprise. If you have multiple RAS servers in your organization, you can manage all of them from a single Windows NT Server or Windows NT Workstation computer. If you want to configure network settings, or add, remove, or configure devices, you will need to refer to the previous section "Configuring RAS."


TIP: If you are familiar with the Remote Access tool provided in Windows NT 3.51, you'll find that except for the new Windows 95 look and feel, the tool is almost exactly the same.

The Remote Access Admin tool can be started from the Administrative Tools group in the Start menu. Figure 12.18 shows the main screen for the Remote Access Admin program.

FIG. 12.18

Remote Access Admin tool can be used to administer all of your RAS servers on the enterprise network.

The Remote Access Admin tool displays the following information about available RAS servers:


NOTE: The Remote Access Admin tool is installed by default as part of the RAS server installation process.

The following sections detail some of the administration and monitoring capabilities of the Remote Access Admin tool.

Selecting RAS Servers for Administration

The Remote Access Admin tool enables you to select the RAS server you want to administer by selecting the appropriate PC or domain. You can select a single RAS server to manage, or you can select a complete domain, which would include administering and monitoring all RAS servers within that domain.


NOTE: If you are running RAS on a Windows NT domain controller machine, the default option is to manage RAS servers in the domain. If you are running RAS on a Windows NT Server, the default option is to manage the RAS server on that machine only.

To select a RAS server or domain for administration, perform the following steps:

  1. Start Remote Access Admin tool.

  2. Choose Server, Select Domain or Server to display a Select Domain dialog box, such as the one illustrated in Figure 12.19.
    FIG. 12.19
    You can manage all RAS servers in a domain by choosing Server, Select Domain or Server from the menu and then selecting the desired domain.

  3. In the Select Domain dialog box, the Select Domain list box shows all the available domains. Select the desired domain from the list or type the name into the Domain text box.

  4. Check the Low Speed Connection check box if the connection to the RAS server or domain is going to be over a dial-up link.

  5. Click OK to continue, and the RAS servers in that domain will be listed when you return to the main Remote Access Admin window.

After you have selected the RAS server or domain, you can administer them or monitor their operation using the Remote Access Admin tool.

Start, Stop, Pause, or Continue RAS Services

From a machine with the Remote Access Admin tool, you can start, stop, pause, and continue the RAS service on any machine for which you have the proper access rights.

Starting a RAS Service

To start RAS services, perform the following steps in Remote Access Admin:

  1. Choose Server, Start Remote Access Service to display the Start Remote Access Service dialog box (see Figure 12.20).
    FIG. 12.20
    Start a Remote Access Service by choosing the appropriate option from the Server menu.

  2. Type in the RAS server name by using the \\<computername> notation, and click OK.

  3. RAS attempts to start the Remote Access Service on the specified server and displays the updated status on the main Remote Access Admin screen.

Stopping a RAS Service

To stop RAS services, perform the following steps in Remote Access Admin:

  1. Select the RAS server on which you want to stop the RAS service by selecting it from the list.

  2. Choose Server, Stop Remote Access Service to display the Stop Remote Access Service dialog box shown in Figure 12.21.
    FIG. 12.21
    Stop a Remote Access Service by choosing the appropriate option from the Server menu.

  3. Click Yes to stop the service or No to cancel the operation.


    NOTE: Stopping or pausing a RAS service while users are connected will disconnect those users. If possible, you should use the Remote Access Admin tool to send a message to connected users stating that you will be stopping the RAS service and, if appropriate, give them an appropriate amount of time and a phone number where they can contact you if they need you to wait a few additional minutes while they finish a transmission.

  4. If you click Yes, RAS attempts to stop the Remote Access Service on the specified server and displays the updated status on the main Remote Access Admin screen. If RAS was unable to stop the service, it will display a message stating the reason.

Pausing a RAS Service

Pausing allows you to prevent any additional users from connecting to the Server, while allowing existing connections to remain. This is useful in cases where you know you will need to shut down the server but do not need to do it immediately and you do not want to force disconnections.

To pause RAS services, perform the following steps in Remote Access Admin:

  1. From the list, select the RAS server on which you want to pause the RAS service.

  2. Choose Server, Pause Remote Access Service.

  3. RAS attempts to pause the Remote Access Service on the specified server and displays the updated status on the main Remote Access Admin screen.

Continuing a RAS Service

Continuing a paused RAS Service will allow new users to connect to the RAS Server. To continue RAS services, perform the following steps in Remote Access Admin:

  1. From the list, select the RAS server on which you want to continue the RAS service.

  2. Choose Server, Continue Remote Access Service.

  3. RAS attempts to continue the Remote Access Service on the specified server and displays the updated status on the main Remote Access Admin screen.

You can perform the preceding steps on any available RAS server within your enterprise network from a central computer.

Monitoring RAS Ports

The Remote Access Admin tool can be used to check your RAS ports periodically to determine their status and user activity. To monitor RAS ports using Remote Access Admin, perform the following steps:

  1. Select a RAS server from the list. Choose Server, Communication Ports to display the Communication Ports dialog box, as shown in Figure 12.22. The Communication Ports dialog box lists all the ports configured for RAS usage on the selected server. It also displays any users connected to the port and the time the user started the RAS connection.
    FIG. 12.22
    Monitor the status of your RAS ports using the Remote Access Admin tool.

  2. Select a Port and click Port Status to obtain detailed information about that port, as shown in Figure 12.23.
    FIG. 12.23
    The Port Status dialog box displays detailed information about a configured port and the activity on that port.

  3. Click OK to close the Port Status dialog box and return to the Communication Ports dialog box.

  4. If any users are connected to the RAS server, you can disconnect them by selecting the appropriate port and clicking Disconnect User.


    NOTE: You should always warn users before forcing a disconnection. To do this you can use the Admin tool's Send Message button. If possible, give them the time and a method to reply to you before disconnecting them. Forcing a disconnection may cause the user to lose important information or may require them to restart a lengthy download process.

  5. You can also send text messages to a selected user or to all connected users by using the Send Message or Send to All buttons.

  6. Click OK when you are finished to return to the Remote Access Admin main screen.

Monitoring RAS Connections

RAS enables you to monitor all remote connections by user or by domain. To monitor users connected to your RAS servers, follow these steps:

  1. Choose Users, Active Users.

  2. The Remote Access Users dialog box appears, as shown in Figure 12.24. All users connected to the RAS servers across the domain are displayed with the server name they are connected to and the time the connection started.
    FIG. 12.24
    Monitor RAS connections across your domain using the Remote Access Admin tool.

  3. You can disconnect a user by selecting the user and clicking Disconnect User (see the previous Caution).

  4. You can also send text messages to a selected user or to all connected users by using the Send Message or Send to All buttons.

  5. Click OK when you are finished to return to the Remote Access Admin main screen.

Setting User Permissions

The Remote Access Admin tool enables administrators to set up access privileges and dial-in permissions for user accounts in the Windows NT domain. A remote user must have an account on the RAS server or the Windows NT domain to be able to dial-in using RAS.

RAS uses the Windows NT integrated security model to authenticate user logon IDs and passwords. However, you must use the Remote Access Admin tool to set up dial-in permissions for remote users. Use the following procedure to set up dial-in permissions for remote users:

  1. Select the server or domain for which you want to set dial-in permissions.

  2. Choose Users, Permissions to display the Remote Access Permissions dialog box, as shown in Figure 12.25. This dialog box lists all user accounts available on the server or the domain.
    FIG. 12.25
    You can grant users dial-in access permission using the Remote Access Permissions dialog box.

  3. You can use the Grant All or Revoke All buttons to grant or deny dial-in permissions to all user accounts.



    NOTE: The Grant All and Revoke All buttons are not available when using a Low Speed Connection. You must set permissions for one user at a time.

  4. You can also set dial-in permissions for an individual account by selecting the account, checking the Grant Dial-in Permission to User box and clicking OK.

  5. The Call Back options determine the method users can use to connect to the RAS server. Using callback, the RAS server accepts a call from a remote user, determines who the user is and from where he is calling, disconnects him, and immediately calls him back to establish a RAS connection.


    TIP: The callback feature is useful for users who must make long distance calls to connect to the server. Remote users can use the callback option to charge long distance connect charges to a central office number rather than their personal phone numbers. This has the added benefit of consolidating billing records.

    Callback is also an effective security measure. Individual user accounts can be configured so as to require the RAS Server to call the user back at a predetermined number before allowing access to the network, making it extremely difficult for an intruder to use the account from another location.


  6. The available options are the following:

    • No Call Back: Users dial-in and connect to the RAS server.

    • Set By Caller: Users provide the server with the call-back phone numbers. When this option is enabled, the RAS Server prompts the caller for a call-back number. This is useful for remote users who travel from place to place and do not have access to a regular number. This can also be an effective security measure as all call back numbers are logged.

    • Preset To: When this option is enabled, the RAS Server initiates a call back to the client at the number indicated in the box. This is a very effective security measure as it only allows users to call from a specified number. However, it cannot be used for mobile users or users who need to dial-in from multiple locations.

  7. Click OK when you are finished setting permissions to return to the Remote Access Admin main window.
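
One way to review the dial-in and callback settings described in the steps above is to transcribe the Remote Access Permissions dialog into a listing and check it, as in this added example (not part of the book or of the Remote Access Admin tool). The CSV layout, column names, sample accounts, phone numbers, and severity labels are all assumptions made for the illustration.

```python
import csv
import io

# Constructed sample: dial-in settings transcribed from the Remote Access
# Permissions dialog. The CSV layout and column names are hypothetical.
SAMPLE = """user,dial_in,call_back,preset_number
alice,yes,Preset To,555-0100
bob,yes,Set By Caller,
carol,yes,No Call Back,
dave,yes,Preset To,
erin,no,No Call Back,
"""


def audit_dial_in(listing):
    """Return (user, severity, message) findings for a permissions listing."""
    rows = list(csv.DictReader(io.StringIO(listing)))
    findings = []
    granted = [r for r in rows if r["dial_in"].strip().lower() == "yes"]
    for r in granted:
        mode = r["call_back"].strip()
        number = (r["preset_number"] or "").strip()
        if mode == "Preset To" and number:
            continue  # server only ever calls the one predetermined number
        if mode == "Preset To":
            findings.append((r["user"], "high",
                             "Preset To selected but no number recorded"))
        elif mode == "Set By Caller":
            findings.append((r["user"], "medium",
                             "caller chooses the number; review logged numbers"))
        elif mode == "No Call Back":
            findings.append((r["user"], "high",
                             "no callback; account usable from any line"))
        else:
            findings.append((r["user"], "high",
                             f"unknown call back mode {mode!r}"))
    # Grant All gives dial-in to every account, so a listing with no
    # exceptions is worth comparing against who actually needs remote access.
    if rows and len(granted) == len(rows):
        findings.append(("*", "medium",
                         "every account has dial-in; check use of Grant All"))
    return findings
```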

The Remote Access Admin tool is a powerful program for administering and monitoring your enterprise-wide RAS servers. Its single point of management and simplicity of use make it an ideal tool for the job.

From Here...

This chapter provides information on the implementation and administration of the Server side of Windows NT Remote Access Service. Configuration details are explained, and many of the available configuration options are described to give you a better understanding of some of the more common protocol constraints and settings. The Remote Access Admin tool is also described, and several of the common administrative procedures using this tool are detailed. For more information on these and related issues, see the following chapters:




Macmillan Computer Publishing USA

© Copyright, Macmillan Computer Publishing. All rights reserved.