How to configure a remote
access policy in Windows 2003
By default, there are two remote access policies available
in Windows Server 2003, Connections to Microsoft Routing and Remote Access
server and Connections to other access servers
Windows Server 2003 uses the Connections to other access servers policy only
when one of the following conditions is true:
1. The Connections to Microsoft Routing and Remote Access
server policy is unavailable.
2. The order of the policies has been changed.
To configure a new remote access security policy, follow these steps:
1. Click Start, point to Programs, point to Administrative
Tools, and then click Routing and Remote Access.
2. Expand Server_Name, and then click Remote Access Policies.
Note If you have not configured remote access, click Configure and Enable
Routing and Remote Access on the Action menu, and then follow the steps in
the Routing and Remote Access Server Setup Wizard.
3. Create a new remote access policy.
a. Right-click Remote Access Policies, and then click New Remote Access
b. In the New Remote Access Policy Wizard, click Next.
c. In the Policy name box, type Test Policy, and then click Next.
d. On the Access Method page, click Dial-up, and then click Next.
e. On the User or Group Access page, click User or Group, and then click
Note If you want to configure the remote access policy for a group, click
Add, type the name of the group in the Enter Object Names To Select box, and
then click OK.
f. On the Authentication Methods page, make sure that only the Microsoft
Encrypted Authentication version 2 (MS-CHAPv2) check box is selected, and
then click Next.
g. On the Policy Encryption Level page, click Next.
h. Click Finish.
A new policy named Test Policy appears in the Remote Access Policies node.
i. In the right pane, right-click Test Policy, and then click Properties.
j. In the Test Policy Properties dialog box, make sure that Grant remote
access permission is selected.
k. Click Edit Profile, click to select the Allow access only on these days
and at these times check box, and then click Edit.
l. Click Denied, click Monday through Friday from 8:00 A.M. to 4:00 P.M.,
click Permitted, and then click OK.
m. Click OK to close the Edit Dial-in Profile dialog box.
n. Click OK to close the Test Policy Properties dialog box.
The Test Policy policy is in effect.
o. Repeat steps a through h to create another remote access policy named
Test Block Policy.
p. In the right pane, right-click Test Block Policy, and then click
q. In the Test Block Policy Properties dialog box, click Deny remote access
The Test Block Policy policy is in effect.
4. Quit Routing and Remote Access.
Post your questions, comments, feedbacks and suggestions
Contact a consultant