OPERACIÓN Y MANTENIMIENTO DE HUMEDALES ARTIFICIALES

In this section, you will configure the permissions, policies, and profiles that control user access to remote access services.

This section corresponds to Chapter 8, “Managing User Access to Remote Access Services,” in the MCSA/MCSE: Windows Server 2003 Network Infra-structure Implementation, Management, and Maintenance Study Guide.

You will perform the following tasks:

Exercise 8.1: Creating a Remote Access Policy

Exercise 8.2: Configuring a User Profile for Dial-In Access

Exercise 8.3: Configuring Encryption

Exercise 8.4: Creating a VPN Remote Access Policy

Exercise 8.5: Configuring Authentication Protocols

Exercise 8.1: Creating a Remote Access Policy

In this lab, you will create a remote access policy for restricting access to the RRAS server.

1. Switch to the RRAS snap-in that should still be open from the previous lab.

2. Expand the server you want to configure in the left pane of the MMC.

3. Select the Remote Access Policies folder.

4. Select Action  New Remote Access Policy. The New Remote Access Policy Wizard starts.

Click Next to dismiss the Welcome page and continue with the wizard.

5. On the Policy Configuration Method page, select the Set Up A Custom Policy radio button, type Working Hours Restrictions in the Policy Name field, and then click the Next button.

5024m02.fm Page 62 Friday, October 29, 2004 1:09 PM

Managing User Access to Remote Access Services 63

6. On the Policy Conditions page, click the Add button. The Select Attributes dialog box appears.

7. Select the Day-and-Time-Restrictions attribute and then click the OK button.

8. The Time Of Day Constraints dialog box appears. Use the calendar controls to allow remote access Monday through Saturday from 7 A.M. to 7 P.M. and then click the OK button.

9. The Conditions page reappears, this time with the new condition listed. Click the Next button.

10. The Permissions page appears. Select the Grant Remote Access Permission radio button and click Next to continue.

11. The Profile page appears. Click the Next button (you’ll edit the profile in the next exercise).

12. Click the Finish button on the confirmation screen to close the wizard and save your changes. Leave the window open since you will need it again later in this section.

Exercise 8.2: Configuring a User Profile for Dial-In Access

In this lab, you will configure a user profile for dial-in access.

1. Open the Active Directory Users And Computers snap-in by selecting Start  Administra-tive Tools  Active Directory Users And Computers.

2. Expand the tree to the Users folder. Right-click the Administrator account in the right-hand pane and choose Properties. The Administrator Properties dialog box appears.

3. Switch to the Dial-In tab. On machines that participate in Active Directory, the Control Access Through Remote Access Policy radio button in the Permissions group should be set.

4. Click the Deny Access radio button to prevent the use of this account over a dial-in connection.

5. Click the OK button. Close the Active Directory Users and Computers window.

Exercise 8.3: Configuring Encryption

In this lab, you will configure encryption settings on the RRAS server.

1. Open the RRAS snap-in by selecting Start  Administrative Tools  Routing And Remote Access.

2. Expand the server in the left pane of the MMC.

3. Select the Remote Access Policies folder. The right pane of the MMC displays the policies defined for this server. Select the Working Hours Restrictions policy (which you created in Exercise 8.1).

4. Select Action  Properties. The policy Properties dialog box appears.

5024m02.fm Page 63 Friday, October 29, 2004 1:09 PM

64 Module 2
Windows Server 2003 Network Infrastructure Implementation

5. Click the Edit Profile button. The Edit Dial-In Profile dialog box appears. Select the Encryp-tion tab.

6. Uncheck the No Encryption checkbox. Make sure that the Basic, Strong, and Strongest checkboxes are all marked.

7. Click the OK button. When the policy Properties dialog box reappears, click the OK button.

8. Leave the window open for the next lab.

Exercise 8.4: Creating a VPN Remote Access Policy

In this lab, you will create a policy for controlling access to the VPN.

1. In the RRAS window, expand the server node until you see the Remote Access Policies node.

2. Right-click the Remote Access Policies folder and choose New Remote Access Policy. This starts the New Remote Access Policy Wizard. Click Next on the Welcome screen.

3. Name the policy VPN Access and then click the Next button.

4. When the Policy Conditions page of the wizard appears, click the Add button to add this condition: NAS-Port-Type Attribute Set To “Virtual (VPN).” Click OK. Click the Next button. Click Next on the Policy Conditions page.

5. In the Permissions page of the wizard, make sure the Grant Remote Access Permission radio button is selected (unless you’re trying to prevent VPN users from connecting). Click the Next button.

6. The Profile page appears next. If you want to create a specific profile (perhaps to restrict which authentication types VPN clients may use), use the Edit Profile button to specify the new profile. At a minimum, you should clear the No Encryption option on the Encryption tab of the remote access profile. When you’re done editing the profile, click OK, click the Next button, then click the Finish button to create and activate the policy.

7. Leave the window open for the next lab.

Exercise 8.5: Configuring Authentication Protocols

In this lab, you will configure authentication protocols in RRAS.

1. In the RRAS window, select the server and then select Action  Properties to open the server Properties dialog box.

2. Switch to the Security tab. Make sure that Windows Authentication is selected in the Authentication Provider drop-down list.

3. Click the Authentication Methods button. The Authentication Methods dialog box appears.

5024m02.fm Page 64 Friday, October 29, 2004 1:09 PM