How to Configure Unauthenticated Access for the Routing and Remote Access Service or for Internet Authentication Service

Article translations Article translations
Article ID: 826156 - View products that this article applies to.
Expand all | Collapse all

On This Page

SUMMARY

This article describes how to configure the Routing and Remote Access service or the Internet Authentication Service (IAS) to accept unauthenticated access. By default, the Routing and Remote Access service and the IAS service use the Guest account for unauthenticated access. This article discusses how to enable these services for unauthenticated access without using the Guest account.

Windows 2000 Server

Configure Unauthenticated Access in Routing and Remote Access

To configure unauthenticated access in the Routing and Remote Access service, follow these steps:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
  2. Right-click Your_Server_Name, and then click Properties.
  3. Click the Security tab, and then click Authentication Methods.
  4. In the Authentication Methods dialog box, click to select the Allow remote systems to connect without authentication check box in the Unauthenticated Access area, and then click OK.

Grant Remote Access Permission

  1. On the authenticating server, in Routing and Remote Access or in Internet Authentication Service, click Remote Access Policies.
  2. In the right pane, right-click Allow access if dial-in permission enabled, and then click Properties.
  3. Click Grant remote access permission, and then click OK.
  4. Quit Routing and Remote Access or Internet Authentication Service.

Configure a Different Account for Unauthenticated Access

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Create a user account to use for unauthenticated access. To do this, follow these steps:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Expand Your_Domain, right-click Users, point to New, and then click User.
  3. Create the user account that you want to use for unauthenticated access.
  4. After the user account is created, right-click the user name, and then click Properties.
  5. Click the Dial-in tab.
  6. In the Remote Access Permission (Dial-in or VPN) area, click Allow access, click Apply, and then click OK.
  7. QuitActive Directory Users and Computers.
  8. On your authenticating server, click Start, click Run, type regedit, and then click OK.

    Depending on your configuration, the authenticating server is either the Routing and Remote Access server or the Internet Authentication Service server.
  9. Expand the following registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Policy
  10. Right-click
    Policy
    , point to New, and then click String value.
  11. Type Default User Identity, and then press ENTER to name the new value.
  12. Double-click
    Default User Identity
    .
  13. In the Value data box, type the name of the user account that you want to use for unauthenticated access, and then click OK.
  14. Quit Registry Editor.
Note Changes to the registry setting do not take effect until you restart the Routing and Remote Access service or until you restart Internet Authentication Service.

Windows Server 2003

Configure Unauthenticated Access in Routing and Remote Access

To configure unauthenticated access in the Routing and Remote Access service, follow these steps:
  1. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
  2. Right-click Your_Server_Name, and then click Properties.
  3. Click the Security tab, and then click Authentication Methods.
  4. In the Authentication Methods dialog box, click to select the Allow remote systems to connect without authentication check box in the Unauthenticated Access area, and then click OK.

Grant Remote Access Permission

  1. On the server that authenticates dial-in access, click Routing and Remote Access in Routing and Remote Access or in Internet Authentication Service, double-click Your_Server_Name, and then click Remote Access Policies.
  2. Right-click Connections to Microsoft Routing and Remote Access server, and then click Properties.
  3. Under Policy Conditions, click the policy that you want to enable unauthenticated access for, and then click Edit Profile.
  4. Click the Authentication tab, click to select the Allow clients to connect without negotiating an authentication method check box in the Unauthenticated access area, and then click OK.
  5. You receive a message that prompts you to view the Help topics. Click No.
  6. Click Grant remote access permission, click Apply, and then click OK.
  7. Quit Routing and Remote Access or Internet Authentication Service.

Configure a Different Account for Unauthenticated Access

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Create a user account to use for unauthenticated access. To do this, follow these steps:
  1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Expand Your_Domain, right-click Users, point to New, and then click User.
  3. Create the user account that you want to use for unauthenticated access.
  4. After the user account is created, right-click the user name, and then click Properties.
  5. Click the Dial-in tab.
  6. In the Remote Access Permission (Dial-in or VPN) area, click Allow access, click Apply, and then click OK.
  7. QuitActive Directory Users and Computers.
  8. On your authenticating server, click Start, click Run, type regedit, and then click OK.

    Depending on your configuration, the authenticating server is either the Routing and Remote Access server or the Internet Authentication Service server.
  9. Expand the following registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Policy
  10. Right-click
    Policy
    , point to New, and then click String value.
  11. Type Default User Identity, and then press ENTER to name the new value.
  12. Double-click
    Default User Identity
    .
  13. In the Value data box, type the name of the user account that you want to use for unauthenticated access, and then click OK.
  14. Quit Registry Editor.
Note Changes to the registry setting do not take effect until you restart the Routing and Remote Access service or until you restart Internet Authentication Service.

REFERENCES

For more information about unauthenticated access, search Microsoft Windows 2000 Help or in Microsoft Windows Server 2003 Help by using the term "unauthenticated access."

Properties

Article ID: 826156 - Last Review: October 30, 2006 - Revision: 2.3
APPLIES TO
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
Keywords: 
kbhowtomaster kbwinservnetwork kbnetwork kbinfo KB826156

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com