07 - Implementing the Remote Access Service (RAS)
by Jim Marshbank and Azam A. Mirza
- How to install Remote Access Service - Detailed information is presented on how to prepare for installing Remote Access Service on your Windows NT Server machine for providing remote connectivity to your enterprise users.
- How to configure Remote Access Service - A detailed step-by-step discussion of how to configure the Remote Access Service for your enterprise needs. Configuration of communications protocols and options for user connectivity are discussed.
- How to use the Remote Access Admin tool - Learn about using the Remote Access Admin tool for administering and monitoring the Remote Access Service on your Windows NT Server.
- How to set up and use the Remote Access Service clients - A discussion of setting up and using Remote Access Service clients under Windows NT and Windows 95 is presented.

The Remote Access Service (RAS) is Microsoft's answer to providing remote network access in a Windows NT Server environment. RAS is the software in Windows NT Server that handles remote communications in a sophisticated manner. It allows authorized network users in remote locations to participate in the full functionality and features of the network by operating as if they were directly connected to the network. As a matter of fact, for Microsoft clients and network applications, RAS connections are virtually transparent. RAS also provides, in conjunction with native Windows NT Server capabilities, secure network protection via logon validation, access permissions and restrictions, encryption schemes, and call back capabilities. These all serve to ensure remote client access is positively controlled.
RAS is a full-featured software product that includes and supports the following components in any Windows NT RAS configuration:
- TCP/IP, IPX, and NetBEUI local area network (LAN) protocols
- Remote access protocols such as Point-to-Point Protocol (PPP) and Serial Line Internet Protocol (SLIP)
- Wide area network (WAN) connection options using regular telephone lines, Integrated Services Digital Network (ISDN) lines, X.25 packet-switched networks, and RS-232C null modems
- Client PCs running Windows NT, Windows for Workgroups, MS-DOS, LAN Manager, or any client PC using the PPP remote access standard
- Powerful security options in conjunction with the Windows NT security model
- Up to 256 dial-in remote clients
This chapter provides detailed information on how to install and configure RAS on your Windows NT Server, how to enable RAS to handle the various communications protocols available, how to use the RAS Admin tool for administering and monitoring the service, and how to use RAS clients included with Windows NT and Windows 95.
RAS can be installed automatically as a part of the initial Windows NT Server installation or after initial Windows NT Server installation by using the Control Panel. The remaining portion of this chapter assumes that RAS was not installed during installation of Windows NT Server and that you now have a requirement to install it on the server platform. You need to accomplish a couple of preliminary actions before you install RAS in order to take maximum advantage of automatic detection features available during the RAS installation process:
- Install the required hardware that will be used for dial-up access.
- Configure the serial ports attached to the dial-up connection devices.
Before you install and operate RAS on your Windows NT Server, you must obtain and install the hardware required for setting up RAS. Some of the hardware components required for RAS installation include:
- One or more dial-up connection devices, such as an asynchronous modem, or an ISDN modem. For acceptable performance, you should only use connection devices listed in the Microsoft Hardware Compatibility List, which are rated at a minimum of 9,600 baud. Make sure that you have an available serial port if you will be installing an external device, or an available expansion slot if you will be installing an internal device.

Internal modems are not the most flexible option due to the limitation on the number of expansion slots available in a machine. Internal devices also make it difficult to replace a damaged device.


Some vendors also supply multiport adapters for providing multiple simultaneous connections capability. These adapters use a dedicated interface for connecting as many as 32 modems at a time. Without using one of these cards, you are limited to the number of serial ports available on your machine for attaching modems.

- An X.25 smart card if you are going to connect to an X.25 network.
- An appropriate line connection for the type of RAS connection device you are using. For example, an available phone line for a modem or an ISDN line for an ISDN modem.
During the process of installing the required hardware, you will probably be confronted with the task of configuring the serial port to which your dial-up connection device, or more specifically your modem, is attached. Therefore, the next section explains how you can do this using the Control Panel.
Serial ports can be configured using the Windows NT Server (or Workstation) Control Panel. To maximize your chances for successful modem connections the first time, know your modem's communications parameters before starting this procedure. You should also be logged on as an administrator before starting this procedure so that you can change any necessary configuration parameters.
- Click on the Control Panel icon in the Main Group window to open the Control Panel Group window shown in figure 7.1.
Fig. 7.1 Two very important uses of the Windows NT Server Control Panel are to configure serial ports and to configure network parameters.
- Click the Ports icon in the Control Panel window as illustrated by the cursor in figure 7.1. This causes the Ports dialog box in figure 7.2 to appear.
Fig. 7.2 The Ports dialog box is used to select a serial port for configuration. The first serial port in the list will be highlighted when the Ports dialog box initially appears.
- Click the COM port to be configured and click Settings to display the Settings dialog box for the port selected, as reflected in figure 7.3. The initial settings displayed will be the Windows NT Server default settings, or if the port had been previously configured, the settings from the previous configuration.
Fig. 7.3 The Settings for COM2: dialog box shows the default or previous configuration settings for the communications port and allows for their modification.
- Baud rate is the speed at which information is transferred through the port. You must match this baud rate to the speed of your modem. Select the appropriate baud rate by clicking the Baud Rate drop-down list box. Available rates range from 75 to 128,000.

For many high-speed modems, compression increases the effective throughput. For a 28,800 bit per second (bps) V.34 modem, the effective throughput may be as high as 57,600 bps.

- Select the number of data bits you want to transmit for each character by clicking the Data Bits drop-down list box. Available choices are 4, 5, 6, 7, and 8. Most characters are transmitted using 7 or 8 data bits.
- Select the error checking method by clicking the Parity drop-down list box. Available choices are Even, Odd, None, Mark, and Space. A typical choice is None.
- Select the number of timing units to be used between bits in a transmitted character by clicking the Stop Bits drop-down list box. Available choices are 1, 1.5, and 2. A commonly used setting is 1.
- Select a method for controlling the flow of data by clicking the Flow Control drop-down list box. Available choices are Xon/Xoff, Hardware, and None. Select Xon/Xoff if software will be used to control the flow of data. If your hardware device will control the flow of data, select Hardware.
- If you need to change the advanced settings, click Advanced to display the Advanced Setting dialog box shown in figure 7.4. Normally, the default advanced settings will be sufficient to match the capabilities of your modem. If they are not, consult your modem's documentation or contact the manufacturer to determine the advanced settings to use. When you are satisfied with the advanced settings, click OK.
Fig. 7.4 The default settings in the Advanced Setting dialog box are usually sufficient for most remote communications sessions and serial port configuration requirements.
- Click OK to close the Settings dialog box. Repeat steps 3 through 10 to configure additional serial ports.
- Click Close to close the Ports dialog box. Then close the Control Panel.
When you have completed this procedure, the COM port should be configured to properly support your modem. Please follow the directions included with your modem for testing its installation and making sure that it works correctly with your server hardware. In addition, verify that the rest of your hardware components are installed and working properly as well before proceeding with RAS installation. If they are, you should now be ready to proceed with the RAS installation.
When you are ready to install RAS, you will need the Windows NT Server installation CD-ROM for copying RAS files to your machine. Follow these steps to install RAS:
- Double-click the Control Panel icon in the Main Group window to open the Control Panel Group window (refer to fig. 7.1).
- Double-click the Network icon in the Control Panel Group window to display the Network Settings dialog box, as shown in figure 7.5.
Fig. 7.5 The Network Settings dialog box is used to add RAS and other network software to the server or client PC.
- Click Add Software. An Add Network Software dialog box similar to the one shown in figure 7.6 appears.
Fig. 7.6 The Add Network Software dialog box provides a list of available software components from which you can select the one you want to install.
- Click the Network Software drop-down list box arrow to expand the list of available software components, and select Remote Access Service, as depicted in figure 7.6.
- Click Continue to close the Add Network Software dialog box and display the Windows NT Setup dialog box. Specify the path to the Windows NT Server installation files. Figure 7.7 reflects the typical installation path when installing from CD-ROM with a single hard disk and no logical disk drives configured.
Fig. 7.7 The Windows NT Setup dialog box prompts you for the path of the Windows NT Server installation source files.
- Click Continue to close the Windows NT Setup dialog box and display the Remote Access Service Setup dialog box. When the dialog box appears, the file copying process will have probably already started. As illustrated in figure 7.8, files will be copied from the installation media (in this case, a CD-ROM) to the appropriate directory on the hard disk. The status bar across the bottom of the dialog box gives you a dynamic update of the copy process status in percent of files copied.
Fig. 7.8 The Remote Access Service Setup dialog box as it appears while files are being copied from the Windows NT Server installation source file media to the installation directory.
When the copy process has been completed, Remote Access Service Setup displays the Add Port dialog box. At this time, you install the appropriate communications device for use with your RAS software. Proceed to the following section to install your communications devices.
After the RAS software is installed, the Setup program displays the Add Port dialog box for adding your modem or other communications device to the system for use by RAS. The following procedure describes how to add the communications device to RAS.
- When the Add Port dialog box appears, click the Port drop-down list box arrow to expand the list of available COM ports and select the COM port to be used by the Windows NT RAS Server for remote communications (see fig. 7.9). This should be the COM port where the modem cable is attached and the port configured before you installed the RAS software.
Fig. 7.9 The Add Port dialog box showing the expanded Port drop-down list box with COM port 2 highlighted for selection.
- Remote Access Setup displays a message box prompting you for permission to initiate automatic detection of your installed modem. This message box also contains an OK button and a Cancel button. Take one of the following actions:
- Click OK if you want Remote Access Setup to proceed with automatic detection. You may still have to choose your modem model from a short list if Remote Access Setup cannot distinguish between two or more modems. If Remote Access Setup cannot detect the modem, you will be advised via a message box and instructed to check your hardware connections. Click OK to close this message box and display the Configure Port dialog box depicted in figure 7.10.
- Click Cancel if you want to bypass automatic detection and select the modem yourself from a list provided by Remote Access Setup. The Configure Port dialog box appears immediately, as reflected in figure 7.10.
- At this point, you should see the Configure Port dialog box. If your modem was automatically detected by Remote Access Setup, it will be displayed in the Attached Device list box. If it was not detected, you must scroll down the Attached Device list box and click the appropriate modem. If your modem is not displayed in the list, you must have a driver for the modem on a disk provided by the modem manufacturer. Follow the instructions for installing the device as supplied by your hardware manufacturer.
Fig. 7.10 The Configure Port dialog box is used to select a modem type for the communications port.

Most ISDN modems and multiport adapter card devices require software drivers supplied by manufacturers. Follow the instructions carefully to install these devices appropriately.

- In the Port Usage box, indicate whether the modem will be used to support the PC as a RAS Server by only receiving calls, a RAS client by only dialing out, or both a RAS Server and a RAS client (but not simultaneously) by receiving calls and by dialing out. The example in figure 7.10 reflects that the PC will be used as both a RAS Server and a RAS client.

You can use RAS for receiving calls and dialing out simultaneously by using multiple modems. One modem can be used to receive calls and another to dial out at the same time. This is a good method to test your RAS installation by dialing in to the same machine using one of the installed modems for dialing out.

- Click on your modem in the Attached Device list box to highlight it (if it is not already highlighted), and then click Settings to configure your modem. The Settings dialog box illustrated in figure 7.11 appears.
Fig. 7.11 The Settings dialog box allows you to select options for the communications device.
- Enable or disable the following check boxes based on your specific requirements. Typically, the first three check boxes are enabled as default settings.
- Enable Modem Speaker. This setting allows you to turn on the modem speaker sound. It is most useful when first installing your modem and RAS to make sure that everything is working properly. After setup is complete, you can safely turn off the modem speaker by clicking this check box to remove the X. The default setting is enabled.
- Enable Hardware Flow Control (RTS/CTS). This setting allows you to use the modem's capability to provide data flow control, which enhances connection reliability and data transmission speeds. Most new modems are equipped with this capability. Enable this option if your modem supports it. Refer to the modem documentation for information. The default setting is enabled.
- Enable Error Control. Enabling this option allows your modem to perform error correction during data transmissions. Most newer modems support error control protocols for recovering from line noise, bad connections, and data transmission errors. The default setting is enabled.
- Enable Modem Compression. Data compression can dramatically improve performance of a dial-up network link. Compression can be performed in software or in hardware. Software compression is usually more effective, and most RAS sessions use software compression. For data that is already compressed, hardware compression actually reduces performance by trying to recompress the data. Experiment with this setting to determine if it is appropriate for your use. The default setting is disabled.
- Click OK in the Settings dialog box. Then click OK in the Configure Port dialog box to finish your device installation.
After the communications device is installed, you are finished with the installation process for RAS. You can now move on to configure your RAS setup. Refer to the next section for configuration information and guidelines.
After you finish your device installation process, the Remote Access Setup dialog box shown in figure 7.12 appears. The modem you just set up should be listed in the Port/Device/Type box.

You can also configure RAS at a later time using the Network icon in Control Panel and configuring Remote Access Service under the Installed Software list box.

Fig. 7.12 The Remote Access Setup dialog box reflecting the previously installed communications port and modem.
The Remote Access Setup dialog box allows you to configure various aspects of the RAS setup process. The four buttons displayed at the bottom of the dialog box allow you to configure your ports and communications devices for use with RAS. The following list provides a description of the four buttons and check box displayed at the bottom of the Remote Access Setup dialog box:
- Add. Allows you to add additional ports and devices for use by RAS. The process for adding additional ports and devices is the same as detailed earlier in the "Installing the Communications Device" section.
- Remove. Allows you to remove an existing device installed for use by RAS.
- Configure. Allows you to change the configuration settings for the port. The dialog box is the same as displayed in figure 7.10.
- Clone. Allows you to copy the modem setup information from one port to another so that the two ports are configured identically. This is a great time saver when you are installing multiple modems of similar type on different ports.
- Disable Automatic Restoration of Network Connections at Logon. Clear this check box to restore your previous network connections when you log on to a RAS server. Because restoring connections over a remote link can be time consuming, this check box is enabled by default (which disables automatic restoration and saves time). This check box is used for dial-out purposes only.
In addition to the buttons in the preceding list, the Remote Access Setup dialog box also has a button called Network. This button allows you to configure your RAS server network protocols for dial-out and receiving calls. The following section discusses the configuration options available under the Network dialog box.
The Network Configuration dialog box, shown in figure 7.13, allows you to configure three groups of options: the RAS dial-out options, if you are going to use the RAS client software; the Server Settings that RAS uses for receiving calls; and the Encryption settings for authenticating users over RAS.

If no ports are configured for dial-out, the Dial Out Protocols area (and the options within it) will be grayed out and unavailable.

Fig. 7.13 The Network Configuration dialog box allows you to configure your RAS network protocols and security options.
The dial-out protocols available for use by the RAS client are:
- NetBEUI. Allows you to use the NetBEUI protocol for connecting to a RAS server. The NetBEUI protocol is required if you are going to use Windows NT networking resources such as shared network drives or network printers.
- TCP/IP. Allows you to use the TCP/IP protocol for connecting to a RAS client. The TCP/IP protocol is primarily used for facilitating Internet connectivity using RAS.
- IPX. Allows you to use the protocol predominantly used by NetWare servers. If you have NetWare servers as part of your enterprise network and you want to use RAS to connect to those servers, enable the IPX protocol.
Check the appropriate boxes for enabling different dial-out protocols based on your preferences.
The Server Settings options allow you to set the parameters for servicing RAS connections from remote clients. The different protocol options allow you to set the protocols remote callers can use for connecting to your RAS server.

If no ports are configured to receive calls, the Server Settings area (and the options within it) will not be available in the Network Configuration dialog box.

The procedures for configuring each of these protocols are discussed in the sections to follow.
The NetBEUI check box allows you to configure the options for allowing NetBEUI connections using RAS. To configure NetBEUI, perform these steps:
- Enable the NetBEUI check box.
- Click the Configure button across from the NetBEUI option in the Server Settings area of the Network Configuration dialog box to configure the NetBEUI protocol. The RAS Server NetBEUI Configuration dialog box shown in figure 7.14 appears.
Fig. 7.14 Configuring NetBEUI connectivity options for the RAS server.
- Click on the radio button next to the access option you want to implement for remote NetBEUI client access to your network. Each option is explained in the following list:
- Entire Network. Allows remote users to access the entire enterprise network over a RAS connection. This option provides remote users access to every resource they would normally be able to access if they were directly connected to the network.
- This Computer Only. Allows remote users access to the PC running RAS only. With this option, remote users can use all resources connected to the RAS PC, but cannot access any other resource on the network. This is the default option.

Remote Access Setup enables NetBEUI and the NetBIOS gateway automatically by default. This only leaves you the option of allowing access to the entire network, or denying access to the entire network and granting access to the RAS Server only. One or the other option must be enabled.

- Click OK to close the RAS Server NetBEUI Configuration dialog box and finish configuration of your NetBEUI setup.
The Network Configuration dialog box reappears so that you may configure additional protocols.
The TCP/IP check box allows you to configure the options for allowing TCP/IP connections using RAS. To configure TCP/IP, perform the following steps:
- Enable the TCP/IP check box.
- Click the Configure button adjacent to the TCP/IP option in the Server Settings area of the Network Configuration dialog box to configure the TCP/IP protocol. The RAS Server TCP/IP Configuration dialog box shown in figure 7.15 appears.
Fig. 7.15 The dialog box shown here is used to configure TCP/IP connectivity options for the RAS server.
- In the Allow Remote TCP/IP Clients To Access area of the dialog box, click the radio button next to the access option you want to implement for remote TCP/IP client access. Each option is explained in the following list:
- Entire Network. Allows remote users to access the entire enterprise network over a RAS connection. This option provides remote users access to every resource they would normally be able to access if they were directly connected to the network.
- This Computer Only. Allows remote users access to the PC running RAS only. With this option, remote users can use all resources connected to the RAS PC, but cannot access any other resource on the network. This is the default option.
- Select the method of assigning IP addresses to dial-in remote clients. One of three alternatives is possible:
- Use DHCP To Assign Remote TCP/IP Client Addresses. DHCP stands for Dynamic Host Configuration Protocol. This option enables DHCP assignment of TCP/IP addresses. This allows the RAS server to dynamically obtain TCP/IP addresses from the DHCP server for assignment to remote user PCs connecting to the network using RAS. This method is most useful for minimizing administration overhead.
- Use Static Address Pool. Assign TCP/IP client addresses from a static pool of available addresses. The static pool sets aside a range of TCP/IP addresses for use by the RAS server for assignment to remote user PCs. Use the Begin and End boxes to specify the static pool address range. You can also use the From and the To boxes to exclude certain addresses from the assigned pool. This provides added flexibility for best using available TCP/IP addresses.
- Allow Remote Clients To Request a Predetermined IP Address. With this option enabled, you can specify specific IP addresses for your remote user PCs. This allows the users to keep the same IP address at all times.
- Click OK to close the RAS Server TCP/IP Configuration dialog box and complete your TCP/IP configuration for RAS.
The Network Configuration dialog box reappears so that you may configure additional protocols.
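The static pool option can be checked on paper before it is typed into the dialog box. The following is an added example, not code from the book or from Microsoft: it expands a Begin/End range minus its From/To exclusions and reports whether the result can serve the configured dial-in ports. The addresses, the port count, the requirement that the pool sit inside the server's LAN subnet, and the one extra address set aside for the RAS server itself are assumptions made for the example.

```python
import ipaddress


def static_pool(begin, end, exclusions=()):
    """Expand Begin/End minus the From/To exclusion ranges into addresses."""
    first, last = ipaddress.IPv4Address(begin), ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("End is lower than Begin")
    excluded = set()
    for lo, hi in exclusions:
        lo, hi = ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)
        if hi < lo or lo < first or hi > last:
            raise ValueError(f"exclusion {lo}-{hi} is not inside the pool")
        excluded.update(range(int(lo), int(hi) + 1))
    return [ipaddress.IPv4Address(n)
            for n in range(int(first), int(last) + 1) if n not in excluded]


def review_pool(pool, dial_in_ports, lan, in_use, server_addresses=1):
    """Return the problems found in a pool; an empty list means it is usable.

    server_addresses is an assumption of this example: one address is set
    aside for the RAS server's own end of the links.
    """
    net = ipaddress.IPv4Network(lan)
    problems = []
    needed = dial_in_ports + server_addresses
    if len(pool) < needed:
        problems.append(f"pool has {len(pool)} addresses, {needed} needed")
    for addr in pool:
        if addr not in net:
            problems.append(f"{addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{addr} is the network or broadcast address")
        elif addr in in_use:
            problems.append(f"{addr} is already assigned on the LAN")
    return problems


# Constructed sample values; none of them come from the chapter.
LAN = "192.168.10.0/24"
IN_USE = {ipaddress.IPv4Address("192.168.10.210")}  # e.g. a print server
DIAL_IN_PORTS = 12
EXCLUDE = [("192.168.10.205", "192.168.10.207")]

if __name__ == "__main__":
    attempts = {
        "first try": ("192.168.10.215", EXCLUDE),
        "conflict excluded": ("192.168.10.215",
                              EXCLUDE + [("192.168.10.210", "192.168.10.210")]),
        "range extended": ("192.168.10.216",
                           EXCLUDE + [("192.168.10.210", "192.168.10.210")]),
    }
    for label, (end, exclusions) in attempts.items():
        pool = static_pool("192.168.10.200", end, exclusions)
        result = review_pool(pool, DIAL_IN_PORTS, LAN, IN_USE)
        print(label, "->", result or "pool is usable")
```

A fixed pool also makes dial-in sessions easier to attribute, because every address in it can only belong to a remote client.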
The IPX check box allows you to configure the options for allowing IPX/SPX connections using RAS. To configure IPX, follow these steps:
- Enable the IPX check box.
- Click the Configure button across from the IPX option in the Server Settings area of the Network Configuration dialog box to configure the IPX protocol. The RAS Server IPX Configuration dialog box shown in figure 7.16 appears.
Fig. 7.16 Configuring IPX connectivity options for the RAS server.
- In the Allow Remote IPX Clients To Access area of the dialog box, click the radio button next to the access option you want to implement for remote IPX client access. Each option is explained in the following list:
- Entire Network. Allows remote users to access the entire enterprise network over a RAS connection. This option provides remote users access to every resource they would normally be able to access if they were directly connected to the network.
- This Computer Only. Allows remote users access to the PC running RAS only. With this option, remote users can use all resources connected to the RAS PC, but cannot access any other resource on the network. This is the default option.
- Select a method for allocating IPX network numbers. One of four alternatives is possible:
- Allocate Network Numbers Automatically. RAS software uses the NetWare Router Information Protocol (RIP) to determine unique network numbers that are available for allocation. The RAS Server then allocates that number to the remote client. This method is useful because it requires the least administration overhead for assigning IPX addresses.
- Allocate Network Numbers. This is the manual method of allocating the network numbers. This method can be the best choice if you want to have more control over network number assignments for security and monitoring purposes. To exercise this alternative, simply click the appropriate radio button and then enter the first network number in the From box. The RAS Server automatically calculates the ending number for you based on number of available ports.
- Assign Same Network Number To All IPX Clients. Enable this check box to assign the same network number to all IPX clients using either the automatic or manual methods.
- Allow Remote Clients To Request IPX Node Number. Enable this check box to allow remote clients to request a specific IPX number. This method presents a potential security risk. It allows a remote client to use a previously connected client's node number and potentially impersonate his or her access privileges.
- Click OK to close the RAS Server IPX Configuration dialog box.
The Server Settings options allow you to determine which protocols will be used to allow remote users connectivity to your RAS server. The choice of protocols depends on your enterprise needs and available protocols being used on your existing network. Only use the protocols necessary to support remote users. Each additional protocol requires additional network bandwidth and slows down network access for your remote clients. You will also slow down your RAS server by processing requests for multiple protocols.

The RAS clients can also determine what protocols they want to use for remote connectivity (usually just one is needed) and minimize bandwidth requirements at their end.

This section discusses the encryption techniques used by RAS for authenticating user logon and password information. Perform the following steps to select an encryption setting:
- In the Server Settings area of the dialog box, select an encryption setting. The possible encryption options are as follows:
- Allow Any Authentication Including Clear Text. Enabling this radio button permits remote clients to connect using clear text based authentication. This method presents a security risk because the logon ID and password are transmitted over an unsecured connection using regular text.
- Require Encrypted Authentication. Enabling this radio button permits remote clients to connect using encrypted authentication. This method encrypts the logon ID and password before transmission over the connection line.
- Require Microsoft Encrypted Authentication. Enabling this radio button permits connection using the Microsoft security model. The logon ID and password are authenticated by the Windows NT Server logon service.
- Enable the Require Data Encryption check box if you require all data (not just the logon ID and password) sent over the remote link to be encrypted. This option is only available when the Require Microsoft Encrypted Authentication option is enabled. Otherwise, it is grayed out and unavailable.
- Click OK in the Network Configuration dialog box and finish your RAS configuration. The Remote Access Setup dialog box reappears (refer to fig. 7.12).
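The choices made in the Server Settings area can be reviewed as a whole once they are written down. The following is an added example, not code from the book or from Microsoft: it audits one server's recorded settings against the points this chapter raises (clear text authentication, data encryption, access scope, unnecessary protocols, and the IPX node number option). The settings record and its key names are hypothetical and are not RAS registry values; both sample records are constructed.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "severity setting reason")
ORDER = {"invalid": 0, "high": 1, "medium": 2, "low": 3}
AUTH_MODES = ("any_including_clear_text", "encrypted", "microsoft_encrypted")

# Hypothetical records of the Network Configuration dialog (constructed).
WEAK = {
    "authentication": "any_including_clear_text",
    "require_data_encryption": False,
    "protocols": {
        "NetBEUI": {"access": "entire_network"},
        "TCP/IP": {"access": "entire_network"},
        "IPX": {"access": "this_computer_only",
                "clients_may_request_node_number": True},
    },
}
HARDENED = {
    "authentication": "microsoft_encrypted",
    "require_data_encryption": True,
    "protocols": {"TCP/IP": {"access": "this_computer_only"}},
}


def audit(settings, required_protocols):
    """Return findings for one RAS server, most severe first."""
    auth = settings["authentication"]
    if auth not in AUTH_MODES:
        raise ValueError(f"unknown authentication mode: {auth}")
    found = []
    if auth == "any_including_clear_text":
        found.append(Finding("high", "authentication",
                             "logon ID and password may be sent as clear text"))
    if settings.get("require_data_encryption"):
        # The check box exists only under Microsoft encrypted authentication.
        if auth != "microsoft_encrypted":
            found.append(Finding("invalid", "require_data_encryption",
                                 "needs Require Microsoft Encrypted Authentication"))
    else:
        found.append(Finding("medium", "require_data_encryption",
                             "data sent over the remote link is not encrypted"))
    for name, options in settings["protocols"].items():
        if name not in required_protocols:
            found.append(Finding("low", name,
                                 "enabled but not needed by remote users"))
        if options.get("access") == "entire_network":
            found.append(Finding("medium", name,
                                 "remote clients reach the entire network"))
        if name == "IPX" and options.get("clients_may_request_node_number"):
            found.append(Finding("high", name,
                                 "a client can reuse an earlier client's node number"))
    return sorted(found, key=lambda f: (ORDER[f.severity], f.setting))


if __name__ == "__main__":
    for label, record in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for finding in audit(record, required_protocols={"TCP/IP"}):
            print(f"  [{finding.severity}] {finding.setting}: {finding.reason}")
```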

The Clone button in the Remote Access Setup dialog box provides a handy shortcut to duplicate the setup of one port to other ports.

After setting up all ports used with RAS, perform the following steps to finish your installation:
- Click Continue in the Remote Access Setup dialog box to complete RAS setup and redisplay the Windows NT Setup dialog box containing the path to the installation files (refer to fig. 7.7).
- Click Continue in the Windows NT Setup dialog box after verifying the displayed path to the Windows NT Server installation files is still correct. Setup copies additional files based upon the previously selected protocols and settings for the port(s) and modem(s) to be used with RAS.
- When the copy process is complete, the Windows NT Setup dialog box containing the path to the installation files appears again (refer to fig. 7.7). Click Continue again to close the Windows NT Setup dialog box and display the Remote Access Service Setup message box informing you that the Remote Access Service has been installed.
- When you have finished reading the information in the Remote Access Service Setup message box, click OK to close the box and redisplay the Network Settings dialog box.
- Click OK to update the network settings, configurations, and bindings.
- When the network has been updated and reconfigured, the Network Settings Change message box shown in figure 7.17 appears informing you that the network settings have changed and that you must exit and restart Windows NT Server for the new settings to take effect. Either click Restart Now to automatically exit and restart Windows NT Server immediately, or click Don't Restart Now to close the message box and redisplay the Control Panel window.
Fig. 7.17 The Network Settings Change message box simply advises you of the need to restart the system before the changes will take effect.
- If you clicked Don't Restart Now, close Control Panel. RAS will start after the next server restart.
The installation and configuration of your RAS server is now complete.
The Remote Access Admin tool included with RAS provides all the capabilities necessary for administering and monitoring your RAS server. The Remote Access Admin tool provides a single point of administration for all your RAS servers. If you have multiple RAS servers in your organization, you can manage all of them from a single Windows NT Server or Windows NT Workstation computer.
The Remote Access Admin tool can be started by double-clicking the Remote Access Admin icon in the Remote Access Services group in Program Manager. Figure 7.18 shows the main screen for the Remote Access Admin program.
Fig. 7.18 Remote Access Admin tool can be used to administer all your RAS servers on the enterprise network.
The Remote Access Admin tool displays the following information about available RAS servers:
- Server. The name of the computer running RAS.
- Condition. The status of the RAS service on the server. Possible options are Running, Stopped, and Paused.
- Total Ports. The number of RAS ports configured for use on the machine.
- Ports In Use. The ports currently being used by remote users for connection to the server.
- Comment. A descriptive statement about the RAS server machine, such as the machine location.

The Remote Access Admin tool is installed by default as part of the RAS server installation process.

The following sections detail some of the administration and monitoring capabilities of the Remote Access Admin tool.
The Remote Access Admin tool allows you to select the RAS server you want to administer by selecting the appropriate PC or domain. You can select a single RAS server to manage, or you can select a complete domain, which would include administering and monitoring all RAS servers within that domain.

If you are running RAS on a Windows NT domain controller machine, the default option is to manage RAS servers in the domain. If you are running RAS on a Windows NT Server, the default option is to manage the RAS server on that machine only.

To select a RAS server or domain for administration:
- Start Remote Access Admin by double-clicking the Remote Access Admin program icon in the Remote Access Service group.
- Choose Server, Select Domain or Server to display a Select Domain dialog box, such as the one illustrated in figure 7.19.
Fig. 7.19 You can manage all RAS servers in a domain by choosing Server, Select Domain or Server from the menu and then selecting the domain.
- In the Select Domain dialog box, the Select Domain list box shows all the available domains. Select the desired domain from the list or type the name into the Domain text box.
- Check the Low Speed Connection check box if the connection to the RAS server or domain is going to be over a dial-up link.
- Click OK to continue, and the RAS servers in that domain will be listed when you return to the main Remote Access Admin window.
After you have selected the RAS server or domain, you can administer them or monitor their operation using the Remote Access Admin tool.
You can control RAS services on a server with a few clicks in the Remote Access Admin tool.
To start RAS services, perform the following steps in Remote Access Admin:
- In the menu bar, choose Server, Start Remote Access Service to display the Start Remote Access Service dialog box, as depicted in figure 7.20.
Fig. 7.20 Start a Remote Access Service by selecting the appropriate menu option from the Server menu.
- Type in the RAS server name by using the \\<computername> notation and click OK.
- RAS attempts to start the Remote Access Service on the specified server and displays the updated status on the main Remote Access Admin screen.
To stop RAS services, perform the following steps in Remote Access Admin:
- Select the RAS server on which you want to stop the RAS service by selecting it from the list.
- In the menu bar, choose Server, Stop Remote Access Service to display the Stop Remote Access Service dialog box shown in figure 7.21.
Fig. 7.21 Stop a Remote Access Service by selecting the appropriate menu option from the Server menu.
- Click Yes to stop the service or No to cancel the operation.
- If you click Yes, RAS attempts to stop the Remote Access Service on the specified server and displays the updated status on the main Remote Access Admin screen.
To pause RAS services, perform the following steps in Remote Access Admin:
- Select the RAS server that you want to pause the RAS service on by selecting it from the list.
- In the menu bar, click Server, Pause Remote Access Service.
- RAS attempts to pause the Remote Access Service on the specified server and displays the updated status on the main Remote Access Admin screen. Currently connected users can continue to operate without any impact; however, no new users will be able to connect.
To continue RAS services, perform the following steps in Remote Access Admin:
- Select the RAS server that you want to continue the RAS service on by selecting it from the list.
- In the menu bar, choose Server, Continue Remote Access Service.
- RAS attempts to continue the Remote Access Service on the specified server and displays the updated status on the main Remote Access Admin screen.
You can perform the preceding steps on any available RAS server within your enterprise network from a central computer.
The Remote Access Admin tool can be used to check your RAS ports periodically to determine their status and user activity. To monitor RAS ports using Remote Access Admin, perform the following steps:
- Select a RAS server from the list. From the menu bar, choose Server, Communication Ports to display the Communication Ports dialog box shown in figure 7.22. The Communication Ports dialog box lists all the ports configured for RAS usage on the selected server. It also displays any users connected to the port and the time the user started the RAS connection.
Fig. 7.22 Monitor the status of your RAS ports using the Remote Access Admin tool.
- Select a Port and click Port Status to obtain detailed status about that port, as shown in figure 7.23.
Fig. 7.23 The Port Status screen displays detailed information about a configured port and the activity on that port.
- Click OK to close the Port Status dialog box and return to the Communication Ports dialog box.
- If any users are connected to the RAS server, you can disconnect them by selecting the appropriate port and clicking Disconnect User.

The Disconnect User option can be used to disconnect a user who has closed a connection but whose line connection has not dropped for some reason.

- You can also send text messages to a selected user or to all connected users by using the Send Message or Send to All buttons.

The capability to send messages to connected users is helpful if you are going to bring the server down for some reason and want all connected users to disconnect.

- Click OK when you are finished to return to the Remote Access Admin main screen.
You can monitor all RAS connections across a domain by choosing Users, Active Users from the menu. To monitor users connected to your RAS servers, follow these steps:
- Choose Users, Active Users.
- The Remote Access Users dialog box appears, as shown in figure 7.24. All users connected to the RAS servers across the domain are displayed with the server name they are connected to and the time the connection started.
Fig. 7.24 Monitor RAS connections across your domain using the Remote Access Admin tool.
- You can disconnect a user by selecting the user and clicking Disconnect User.

The Disconnect User button can be used to disconnect a user who has closed a connection but whose line connection has not dropped for some reason.

- You can also send text messages to a selected user or to all connected users by using the Send Message or Send to All buttons.
- Click OK when you are finished to return to the Remote Access Admin main screen.
The Remote Access Admin tool allows administrators to set up access privileges and dial-in permissions for user accounts in the Windows NT domain. A remote user must have an account on the RAS server or the Windows NT domain to be able to dial in using RAS.
RAS uses the Windows NT integrated security model to authenticate user logon IDs and passwords. However, you must use the Remote Access Admin tool to set up dial-in permissions for remote users. Use the following procedure to set up dial-in permissions for remote users:
- Select the server or domain for which you want to set dial-in permissions.
- Choose Users, Permissions to display the Remote Access Permissions dialog box, as shown in figure 7.25. The dialog box lists all user accounts available on the server or the domain.
Fig. 7.25 Users can be granted dial-in access permission using the Remote Access Admin tool.
- You can use the Grant All or Revoke All buttons to grant or deny dial-in permissions to all user accounts.

The Grant All and Revoke All buttons are not available when using a Low Speed Connection. You must set permissions for one user at a time.

- You can also set dial-in permissions for an individual account by selecting the account, checking the Grant Dialin Permission To User box and clicking OK.
- The Call Back options determine the method users can use to connect to the RAS server. Using callback, the RAS server accepts a call from a remote user, determines who the user is and from where they are calling, disconnects them, and immediately calls them back to establish a RAS connection.

The callback feature is useful for users who must make a long distance call to connect to the server. Remote users can use the callback option to cause long distance connect charges to be accrued to a central office number rather than their personal phone number. This has the added benefit of consolidating billing records.
Callback is also an effective security measure. Individual user accounts can be configured so as to require the RAS Server to call the user back at a predetermined number before allowing access to the network, making it extremely difficult for an intruder to use the account from another location.

The available options are:
- No Call Back. Users dial-in and connect to the RAS server.
- Set By Caller. Users instruct the server as to the number at which they want to be called back. When this option is enabled, the RAS Server prompts the caller for a callback number. This is useful for remote users who travel from place to place and do not have access to a regular number.
- Preset To. When this option is enabled, the RAS Server initiates a callback to the client at the number indicated in the box.
- Click OK when you are finished setting permissions to return to the Remote Access Admin main window.
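The following added example (not code from the chapter or from Microsoft) models how the three Call Back options decide which number the server dials back, and reviews a list of accounts for dial-in settings that do not tie the caller to a predetermined number. The `DialinAccount` record, the approved-user list, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

# Callback options, named as in the Remote Access Permissions dialog box.
NO_CALL_BACK, SET_BY_CALLER, PRESET_TO = "No Call Back", "Set By Caller", "Preset To"

@dataclass
class DialinAccount:  # hypothetical record: one user's dial-in settings
    user: str
    dialin_granted: bool
    callback: str
    preset_number: str = ""

def callback_target(acct, caller_supplied=""):
    """Return the number the server dials back, or None for a direct connection."""
    if not acct.dialin_granted:
        raise PermissionError(f"{acct.user}: no dial-in permission")
    if acct.callback == NO_CALL_BACK:
        return None
    if acct.callback == SET_BY_CALLER:
        if not caller_supplied:
            raise ValueError(f"{acct.user}: caller gave no callback number")
        return caller_supplied
    if acct.callback == PRESET_TO:
        if not acct.preset_number:
            raise ValueError(f"{acct.user}: Preset To has no number configured")
        return acct.preset_number  # the caller's own number is never used
    raise ValueError(f"{acct.user}: unknown callback option {acct.callback!r}")

def audit(accounts, approved_remote_users):
    """Return (user, finding) pairs for dial-in settings that need review."""
    findings = []
    for a in accounts:
        if not a.dialin_granted:
            continue
        if a.user not in approved_remote_users:
            findings.append((a.user, "dial-in granted but not an approved remote user"))
        if a.callback == PRESET_TO and not a.preset_number:
            findings.append((a.user, "Preset To selected without a number"))
        elif a.callback != PRESET_TO:
            findings.append((a.user, f"{a.callback}: caller's location is not restricted"))
    return findings

ACCOUNTS = [  # constructed sample accounts (not from the chapter)
    DialinAccount("jsmith", True, PRESET_TO, "555-0100"),
    DialinAccount("mlee", True, SET_BY_CALLER),
    DialinAccount("Guest", True, NO_CALL_BACK),
    DialinAccount("tbrown", False, NO_CALL_BACK),
]
APPROVED = {"jsmith", "mlee"}
```

Running `audit(ACCOUNTS, APPROVED)` after a Grant All is a quick way to spot accounts that received dial-in permission unintentionally.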
The Remote Access Admin tool is a powerful program for administering and monitoring your enterprise-wide RAS servers. Its single point of management and simplicity of use make it an ideal tool for the job.
The RAS client is the software piece that allows remote users to connect to RAS servers. The RAS clients included with Windows NT and Windows 95 are two distinctly different programs that perform similar functions. Both clients allow remote users to connect to RAS servers using dial-up connections. The following sections discuss the two clients in detail.
The Windows NT client is installed as part of the RAS server installation process. To start the Remote Access client under Windows NT, double-click the Remote Access program icon in the Remote Access Services group in Program Manager. Figure 7.26 shows the main Windows NT Remote Access screen.
Fig. 7.26 The Remote Access client can be used to connect to RAS servers, as well as most Internet service providers when configured as a SLIP or PPP client.
You can use the Remote Access client to do the following:
- Create phone book entries for frequently called numbers and locations
- Set up and configure communications devices for RAS dial-up connections
- Enable network protocols to use for dial-up RAS connections
- Set up security options for logon and password authentication over RAS connections
- Edit existing phone book entries to change configuration options
- Clone or remove existing phone book entries
Windows NT 3.1 clients do not support PPP, but they can use the Microsoft RAS protocol and are fully compatible with all Microsoft RAS versions. Windows NT 3.5x clients, on the other hand, can exploit all the features of Windows NT 3.5x RAS. They can connect to any Microsoft RAS, non-Microsoft remote access PPP-compliant server, or SLIP server; they can log on and authenticate through any of these servers; and their RAS phone book entries can utilize tailored scripts to completely automate the logon process. Windows NT 3.5x clients can also provide the support to run TCP/IP or IPX applications on client PCs that directly communicate with servers on the LAN using TCP/IP or IPX.
The remote access client included in Windows 95 is part of a set of tools called Windows 95 Communications. To install Dial-Up Networking, you must use the Add/Remove Programs icon in the Control Panel and install the appropriate option for Dial-Up Networking.

Dial-Up Networking can also be installed as part of the initial Windows 95 installation process.

To install Dial-Up Networking, select the Windows Setup tab in the Add/Remove Programs dialog box, double-click Communications, and select the Dial-Up Networking option.

Dial-Up Networking under Windows 95 installs a special network adapter called the Dial-Up Adapter to simulate network connectivity. The Dial-Up Adapter points to your installed communications device and allows you to bind network protocols such as NetBEUI, TCP/IP, and IPX to the adapter.

After you have installed and configured Dial-Up Networking under Windows 95, a new folder is created under My Computer called Dial-Up Networking. Within that folder is an icon called Make New Connection. You can use this icon to create new connection entries for your remote access connectivity. These icons are similar in concept to the phone book entries under Windows NT. Figure 7.27 shows the Make New Connection dialog box.
Fig. 7.27 The Make New Connection icon under Dial-Up Networking can be used to create Windows 95 dial-up entries.
Each new connection you create is represented by a Dial-Up Networking icon within the folder. You can configure options for each dial-up connection by using the right mouse button and selecting the Properties menu option from the pop-up menu that appears.
Windows 95 clients can exploit all the features of Windows NT 3.5x RAS server. They can connect to any Microsoft RAS, non-Microsoft remote access PPP-compliant server, or SLIP server; they can log on and authenticate through any of these servers. Windows 95 clients can also provide the support to run TCP/IP or IPX applications on client PCs that directly communicate with servers on the LAN using TCP/IP or IPX.
From Here...
This chapter provided an overview of the Windows NT Server Remote Access Service and how to perform a typical installation of the RAS software. Configuration details were explained, and many of the available configuration options were described to give you a better understanding of some of the more common protocol constraints and settings. The Remote Access Admin tool was also described, and several of the common administrative procedures using this tool were detailed. Finally, the process of setting up and using Remote Access Service clients under Windows NT and Windows 95 was discussed.
|