How I may help
LinkedIn Profile Email me!
Call me using Skype client on your machine

Reload this page Windows Remote Access and Terminal Services

Here are my notes on how Windows 2000 server can be accessed remotely using two technologies:

"Access Denied" by man and woman


Topics this page:

  • Transport Options

  • RRAS

  • PPP Connection Logging
  • Terminal Services

  • Announcements

  • Supportware

  • Related:
    another page on this site Application Development

    Site Map List all pages on this site 
    About this site About this site 
    Go to first topic Go to Bottom of this page

    Go to top of page Transport Product Options Overview

      There are several transports to remotely connect into a Windows 2000 machine:

      • Dial-up using analog modems over phone lines on the Public Switched Telephone Network (PSTN).

      • Through a TCP/IP NIC card, create a VPN (Virtual Private Network) connection using encrypted traffic over the public TCP/IP Internet. Two protocols are used to encapsulate PPP frames for secure transmission over IP:
        • PPTP (Point-to-Point Tunneling Protocol)
        • L2TP (Layer 2 Tunneling Protocol), a combination of PPTP and L2F (Layer 2 Forwarding) protocols.

      toolFor Network Diagnostics:

        netsh diag gui


    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Go to top of page RRAS (Routing and Remote Access Service)

      Configure inbound connections on the domain controller.
      Configure outbound connections for domain members.

      To grant new user accounts dial-up access, first create a Universal group such as “Dialup Users” and modify the remote access policy to allow dial-up access. Then, add users to the group.

      In an NT or Windows 2000 mixed-mode domain, individual accounts are Allowed or Denied access.

      In a native Windows 2000 domain, control access using the remote access policy. It is by default set to deny access.

        netsh ras ip show config
        Negotiation mode: allow
        Access mode: all
        Address request mode: deny
        Broadcast name resolution: disabled
        Assignment method: auto

      To add an entry to the routing table using scriptfilex:

        netsh ras add -f scriptfilex

      To set time limits for sessions, use the “Routing and Remote Access” MMC console, Properties for the RRAS server, Profile, Dial-in Constraints.

      By default, the Windows 2000 system event log only contains RAS errors. To control the level of RRAS data captured ...

      RRAS servers that use Windows accounting store authentication events into log files within folder

      To set RRAS to output activity data to trace logs, configure tracing in the registry.

      RRAS configured to use one of these formats:

      • Internet Authentication Service (IAS) 1.0
      • Open Database Connectivity (ODBC)


    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Set screen ProdRRAS

      To use RRAS as a router: ...

      To send multicast audio and video through an intranet, create an IP-in-IP tunnel interface:

      1. Open the RRAS snap-in,
      2. right-click Routing Interfaces under the router in the console tree,
      3. Under IP Routing in the console tree, right-click General
      4. select New Interface from the context menu
      5. In the New Interface for IP dialog box, select the interface.
      6. On the Tunnel tab of the Properties sheet, specify the IP addresses of the Windows 2000 router, the remote Windows 2000 router; the TTL value before OK.


    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Set screen En/Disabling PPP Connection Logging

      To enable PPP logging for troubleshooting PPP connections to file PPP.LOG in the %systemroot%\Tracing folder.

        netsh ras set tracing ppp enabled

      To stop PPP logging:

        netsh ras set tracing ppp disabled

      Add, set (update), and delete entries in -alias configuration files.

    Modem logs are contained in %systemroot%\Modemlog_model.txt. It is automatically overwritten unless you adjust the logging settings using Control Panel applet “Phone and Modem Options”.

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Go to top of page Windows Terminal Services

      Terminal Services enables all client application execution, data processing, and data storage to be performed over any TCP/IP connection to a Terminal Server. Terminal Services provides remote access to a server desktop through terminal emulation software. This means that users can disconnect from a session without logging off. So they can leave a session active (running) while disconnected and then reconnect to the existing session at another time or even from another machine.

      The Terminal Services client software is a “super-thin client”. it sends keystrokes and mouse movements to the Terminal server, which manipulates the data locally and passes back the display. This brings Windows desktops to machines that cannot run Windows, such as legacy desktops including Win16, Macintosh, and Unix.

      Terminal Services contains its own methods for licensing clients that log on to Terminal servers. This enables users to simultaneously log on to multiple Terminal Server sessions from different desktops.

      The Terminal Services licensing method is separate from the method used for Windows 2000 Server clients.

        With Windows NT4, Terminal Services Edition was a separate product called Terminal Server Edition.

        With Windows 2000, Terminal Services is a built-in feature of Windows 2000 Server.

      Terminal Services Licensing includes four primary components:

      • the Microsoft Clearinghouse,
      • a license server,
      • a Terminal server, and
      • client licenses.

      Terminal Services is enabled in either Remote Administration mode or Application Server mode. Remote Administration allows you to administer a Windows 2000 Server computer remotely over any TCP/IP connection. You can administer file and print sharing, edit the registry, or perform any task as if you were sitting at the console. Remote Administration installs only the remote access components of Terminal Services. It does not install application sharing components, which means you can use Remote Administration with little overhead. Terminal Services allows up to two concurrent Remote Administration connections. No additional licensing is required, and you do not need a license server. In Application Server mode, you can deploy and manage applications from a central location. You can install applications directly on the Terminal server, or you can use remote administration. After an application is deployed in Terminal Services, clients can connect through a remote access connection, a LAN or WAN, and from many types of clients. Client licensing is required when deploying a Terminal server as an application server. Each client computer must have the Terminal Services Client Access License as well as the Windows 2000 Server Client Access License .

      The three standard permission levels for Access Control Settings:

      • Full Control
      • User Access
      • Guest Access

      There are no group policies to control Terminal Services connections.


    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Go to top of page Announcements

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Go to top of page Associated Software

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Portions ©Copyright 1996-2010 Wilson Mar. All rights reserved. | Privacy Policy |

    How I may help

    Send a message with your email client program

    Your rating of this page:
    Low High

    Your first name:

    Your family name:

    Your location (city, country):

    Your Email address: 

      Top of Page Go to top of page

    Thank you!