Sams Teach Yourself MCSE Windows NT Server 4 in 14 Days
(Publisher: Macmillan Computer Publishing)
Author(s): David Schaer, et al
ISBN: 0672311283
Publication Date: 12/15/97



Use Static Address Pool. This option enables you to define a range of IP addresses from which your remote clients will be assigned an IP address. This also is dynamic, in that each time a user dials in, she is assigned a different IP address.

This option also gives you the choice of excluding ranges of addresses from the static address pool. This can be useful if you want all remote clients to use a certain range of IP addresses but want some of your remote clients to have a static, predetermined IP address.

If your network is using DHCP for IP address assignment, and you want to set up your static pool using addresses within the DHCP scope, you must exclude them from the scope on the DHCP server.
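The overlap described above can be worked out before either server is changed. The following is an added example, not code from the book: it lists the address ranges that the RAS static pool can assign and the DHCP server can still lease, which are the ranges to exclude from the DHCP scope. All addresses and function names are constructed for illustration.

```python
import ipaddress

def expand(first, last):
    """Return the set of integer addresses in the inclusive range first..last."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError(f"range start {first} is above range end {last}")
    return set(range(lo, hi + 1))

def effective(pool, exclusions=()):
    """Addresses a range actually hands out: the range minus its exclusions."""
    addrs = expand(*pool)
    for ex in exclusions:
        addrs -= expand(*ex)
    return addrs

def to_ranges(addrs):
    """Collapse a set of integer addresses into sorted (first, last) pairs."""
    ranges = []
    for a in sorted(addrs):
        if ranges and a == ranges[-1][1] + 1:
            ranges[-1][1] = a          # extend the current run
        else:
            ranges.append([a, a])      # start a new run
    return [(str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(hi)))
            for lo, hi in ranges]

def dhcp_exclusions_needed(ras_pool, ras_excl, dhcp_scope, dhcp_excl):
    """Ranges that RAS can assign and the DHCP server can still lease."""
    conflict = effective(ras_pool, ras_excl) & effective(dhcp_scope, dhcp_excl)
    return to_ranges(conflict)

# Constructed sample values (assumptions, not taken from the book).
RAS_POOL = ("192.168.10.200", "192.168.10.230")
RAS_EXCL = [("192.168.10.210", "192.168.10.212")]    # excluded from the RAS pool
DHCP_SCOPE = ("192.168.10.50", "192.168.10.220")
DHCP_EXCL = [("192.168.10.200", "192.168.10.205")]   # already excluded on DHCP

if __name__ == "__main__":
    for first, last in dhcp_exclusions_needed(RAS_POOL, RAS_EXCL,
                                              DHCP_SCOPE, DHCP_EXCL):
        print(f"exclude from DHCP scope: {first} - {last}")
```

An empty result means the two servers cannot hand out the same address.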

Allow Remote Clients to Request a Predetermined IP Address. Some of your remote clients might require a predefined IP address that does not change each time they connect to your network. This option enables the client to specify in her network settings what the IP address is, instead of having it assigned to her. Note that although the previous two options are mutually exclusive, this option can be used in conjunction either with DHCP or with a static pool of addresses.

TCP/IP is the protocol of choice on just about any network today. It is also the protocol of the Internet. This is important, because it is the only protocol stressed in the NT exams. Although having a deep knowledge of the protocol for the NT Server exam is not too important, it becomes much more important in the Server Enterprise exam.

IPX

IPX (Internetwork Packet Exchange) is the protocol of choice for networks using Novell’s NetWare. If your network is using NetWare, and you need your remote clients to be able to access these resources, you must enable IPX.

Choose Configure for IPX on the Network Configuration dialog box to open the RAS Server IPX Configuration dialog box shown in Figure 13.8.


Figure 13.8.  Enable IPX in the RAS Server IPX Configuration dialog box.

As with the other protocols, you can choose whether remote clients have access to the Entire network or to This computer only.

The other options available are similar to the options for TCP/IP. IPX requires that you assign all computers a network number. The default is to assign the numbers automatically and assign the same network number to all clients. If you choose the default options, no other configuration is necessary.

If you want, you can designate a pool of network numbers that will be assigned to all of your remote clients. You also have the option of letting remote clients choose their own network numbers.

Allowing clients to choose their own network numbers represents a potential security violation, because it is possible for one client to impersonate another by using that client’s network number.

The only thing you really must know about IPX for the exam is that it is required for any network activity involving Novell’s NetWare.

PPTP (Point-to-Point Tunneling Protocol)

PPTP is basically a method for using one networking protocol through another protocol. For example, a remote client can be connected to a RAS Server via TCP/IP and tunnel through that protocol by using another protocol, such as IPX. The most common use of this scenario is to securely access a remote network over the Internet. If a RAS Server is connected to the Internet, the remote user can dial up an existing account with a local Internet service provider. After that connection is established using TCP/IP, a second connection (called a tunnel) is established between the RAS Server and the remote user using any protocol (including TCP/IP). This type of connection is illustrated in Figure 13.9. The primary advantage to PPTP is that a remote user can dial a local ISP instead of making a long distance call directly to her company’s RAS Server.


Figure 13.9.  Use PPTP to connect to a RAS Server over the Internet.

The PPTP client software is included with Windows NT Server and Workstation. It also currently is available for Windows 95 with the version 1.2 upgrade to Microsoft Dial-Up Networking, which is available at http://www.microsoft.com/windows95/info/updates.htm.

13.4. Configuring RAS Security

Security is of major concern on any network, and it is an especially important issue if you choose to allow dial-up access to your network. RAS provides several different types of security. Note that this section includes information only about the security RAS provides. To ensure a secure networking environment, you should familiarize yourself with all aspects of Windows NT security.

13.4.1. NT Authentication

The RAS Server uses the same database to verify the user accounts, passwords, and permissions that NT Server uses. This ensures that the maintenance of users and administration of security is consistent and centralized. Whenever a remote user dials into your network, the RAS Server sends a challenge to the remote system requesting account information regarding that user. The client system sends an encrypted response to the RAS Server with the user account details. After RAS verifies that the account exists, the RAS Server checks to see whether dial-in access has been granted to that user. If it has, the user then must successfully log on to Windows NT. This means that it is necessary for any remote user attempting to log on to have both a valid Windows NT account and the permission to dial in to the RAS Server.

With this in mind, it generally is recommended that you disable the built-in Guest account on any NT network. This especially is true if you are allowing dial-in access. This allows for better accountability because each remote user must log on with a different user account. If many users log on by using the single Guest account, associating any individual user with a particular action can be difficult or impossible. You can disable the Guest account by using User Manager for Domains.

How the Guest account affects various aspects of an NT network is a recurring theme in many of the exams you will take. Keep the preceding caution in mind as you study, because it applies to many different facets of NT.
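The sequence of checks in section 13.4.1 can be modeled in a few lines. This is an added example, not code from the book and not the protocol RAS actually uses: HMAC-SHA256 stands in for the encrypted challenge response, and the account table, names, and result strings are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed table standing in for the NT account database (assumption).
ACCOUNTS = {
    "alice": {"secret": b"alice-pw", "disabled": False, "dialin": True},
    "bob":   {"secret": b"bob-pw",   "disabled": False, "dialin": False},
    "Guest": {"secret": b"",         "disabled": True,  "dialin": True},
}

def new_challenge():
    """Server side: a fresh random challenge for every call."""
    return os.urandom(16)

def client_response(secret, challenge):
    """Client side: prove knowledge of the secret without sending it."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def evaluate_dial_in(user, challenge, response, accounts=ACCOUNTS):
    """Apply the gates in order: account, response, dial-in permission."""
    acct = accounts.get(user)
    if acct is None or acct["disabled"]:
        # A disabled Guest account stops here, so every session maps to
        # an individual, accountable user.
        return "denied: no usable account"
    expected = hmac.new(acct["secret"], challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, response):   # constant-time compare
        return "denied: bad response"
    if not acct["dialin"]:
        # Valid NT credentials alone are not enough to dial in.
        return "denied: no dial-in permission"
    return "connected"

if __name__ == "__main__":
    c = new_challenge()
    for user, secret in [("alice", b"alice-pw"), ("bob", b"bob-pw"),
                         ("Guest", b"")]:
        print(user, "->", evaluate_dial_in(user, c, client_response(secret, c)))
```

Because each call gets a new challenge, a response recorded from one session is rejected when presented against another.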

