492 Chapter 12  Dial-Up Networking and Internet Connectivity  The Include Windows Logon Domain option works in conjunction with the Prompt for Name and Password, Certificate, Etc. option. This option specifies that Windows logon- domain information should be requested prior to initiating a connection.  The Prompt for Phone Number option allows the telephone number to be viewed, selected, or modified prior to initiating a connection. FIGURE 12.19 The Options tab of the Connection Properties dialog box The options for redialing let you specify the number of redial attempts if the connection is not established, and the time between the redial attempts. You can also designate how long a con- nection will remain idle before the computer hangs up. If you want the computer to redial the connection number should the connection be dropped, check the Redial if Line Is Dropped check box. The X.25 button at the bottom of this dialog box can be used to configure an X.25 connection. This requires you to know which X.25 provider you are using and the X.121 address of the remote server you wish to connect to. Configuring RAS Connection Security Security settings are among the most important options to be configured for dial-up connections. You can set typical or advanced (custom settings) security options in the Security tab of the Connection Properties dialog box, as shown in Figure 12.20. This tab also has options for interactive logon and scripting. Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. COPYING PROHIBITED www.sybex.com Creating a Connection to a Remote Access Server 493 FIGURE 12.20 The Security tab of the Connection Properties dialog box Connections that are more secure require more overhead and are usually slower. Less-secure connections require less overhead and are typically faster. Typical Security Settings You generally will configure typical security settings unless you need to use specific security protocols. When you select the Typical radio button, you can then choose to validate the user’s identity, to automatically use the Windows logon name and password (and domain, if specified), and whether data encryption is required. For validating the user’s identity, you can select from the following options: Allow Unsecured Password Specifies that the password can be transmitted without any encryption. Require Secured Password Specifies that the password must be encrypted prior to transmission. Use Smart Card Specifies that you must use a smart card. The options for configuring Automatically Use My Windows Logon Name and Password (and Domain if Any) and Require Data Encryption (Disconnect if None) are enabled based on the validation method you select, and whether the options are supported by the selected validation option. Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. COPYING PROHIBITED www.sybex.com 494 Chapter 12  Dial-Up Networking and Internet Connectivity Advanced Security Settings If you need to configure specific security protocols, select the Advanced (Custom Settings) radio button in the Security tab and then click the Settings button. This brings up the Advanced Security Settings dialog box, as shown in Figure 12.21. FIGURE 12.21 Connection Properties, Security tab, Advanced Settings dialog box This dialog box allows you to configure the type of data encryption that will be employed. You also specify whether logon security will use the Extensible Authentication Protocol (EAP), which is used in conjunction with other security devices, including smart cards and certificates. You can select from the following protocols for logon security:  Unencrypted Password (PAP)  Shiva Password Authentication Protocol (SPAP)  Challenge Handshake Authentication Protocol (CHAP)  Microsoft CHAP (MS-CHAP), if you select this option, additionally you can specify that you want to support older MS-CHAP for Windows 95 servers  Microsoft CHAP Version 2 (MS-CHAPv2) If you are using MS-CHAP-based protocols, you can also specify that you want to automat- ically use your Windows logon name and password (and domain, if any). The authentication security protocols were covered in the “Understanding Remote Access Security” section earlier in this chapter. Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. COPYING PROHIBITED www.sybex.com Creating a Connection to a Remote Access Server 495 Interactive Logon and Scripting The Interactive Logon and Scripting options on the Security tab are provided for users who use terminal services for remote access. These options allow you to display a terminal window after dialing, and run a script after dialing. Scripting features are supported only for serial modems. These features are not available for ISDN devices. Configuring Networking Options for RAS Connections The Networking tab, shown in Figure 12.22, contains networking options for the dial-up connection. You can configure the wide area network (WAN) protocol you will use and the network components that will be employed by the network connection. FIGURE 12.22 The Networking tab of the Connection Properties dialog box Your choices for the WAN protocol are the Point-to-Point Protocol (PPP) or Serial Line Internet Protocol (SLIP). PPP offers more features and is the WAN protocol used by Win- dows 9x, Windows NT (all versions), Windows 2000 (all versions), Windows XP, Windows Server 2003, and most Internet servers. SLIP is an older protocol that is used with some Unix servers. If you click the Settings button for PPP, you can configure options for Enable LCP Extensions, Enable Software Compression, and Negotiate Multi-link for Single Link Connections. You typically leave PPP settings at default values. The network components used by the connection might include the protocols (such as Internet Protocol (IP) and NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) and the client Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. COPYING PROHIBITED www.sybex.com 496 Chapter 12  Dial-Up Networking and Internet Connectivity software (such as File and Printer Sharing for Microsoft Networks and Client for Microsoft Networks). By clicking the Install button, you can install additional connections. The Properties button allows you to configure the properties of whatever connection you have highlighted. Configuring Advanced Options The Advanced tab, shown in Figure 12.23, is used to configure an Internet Connection Firewall and Internet Connection Sharing. The Internet Connection Firewall is used to limit access to your computer through the Internet and is implemented as a security feature. Internet Connec- tion Sharing is used to allow more than one Internet connection through a single computer. Both of these topics are covered in greater detail in the “Using Internet Connection Sharing” and “Using an Internet Connection Firewall” sections of the chapter. FIGURE 12.23 The Advanced tab of the Connection Properties dialog box Troubleshooting Remote Access Connections If your remote access connection is not working properly, there are many possible causes. The following list categorizes common problems and the options that can be used to troubleshoot, identify, and resolve configuration errors: If you suspect the problem is with your modem:  Verify that the modem you are using is on the Hardware Compatibility List (HCL) and that you have the most current driver. Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. COPYING PROHIBITED www.sybex.com Creating a Connection to the Internet 497  If you are using an external modem, verify that it is turned on and connected to the proper port, and that the modem cable is not defective. If you require a 9-to-25-pin serial connector, do not use one that came with a mouse, as most are not manufactured to support modem signals.  Use modem logging and modem diagnostics to test the modem. If you suspect the problem is with your access line:  If you are using an unknown line type (for example, in a hotel), verify the line type you are using. Analog modems only use analog phone lines, and digital modems only use digital lines. The remote client and the server that is being accessed must also use a common access method, analog or digital.  Verify that you dialed the correct number for the remote server. If you need to dial an external line-access number (usually 9), verify that it is properly configured.  If the modem is having problems connecting, there may be excessive static on the phone line that is preventing the modem from connecting at the configured speed. Attempt to connect using lower speed and call the phone company to have the quality of the line checked. If you suspect the problem is with the RAS server:  Verify that you are using a valid user account and password. Make sure the user account has been granted remote access permission on the RAS server.  Make sure the RAS server is properly configured and is running. If no remote clients can connect, the problem is most likely the RAS server. If other remote clients can connect, the RAS server is most likely properly configured. If connections to the RAS server are being dropped:  Verify that the connection is not being dropped due to inactivity. Check with the RAS server administrator to find out what the inactivity settings are.  If your phone line uses call waiting, an incoming call may be disrupting your connection; verify that call waiting has been disabled. Creating a Connection to the Internet The most common option for remote access to the Internet is through a valid Internet service provider (ISP). There are many ISPs to choose from, and they usually supply software to facil- itate your Internet connection through their service. If you do not have software from your ISP, you can set up an Internet connection the first time you access Internet Explorer or through New Connection Wizard. Common options for accessing the Internet include analog modem and phone line, ISDN adapter and ISDN phone line, cable modem, and DSL. In Exercise 12.1, you will create a dial-up Internet connection for a new Internet account. Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. COPYING PROHIBITED www.sybex.com 498 Chapter 12  Dial-Up Networking and Internet Connectivity EXERCISE 12.1 Creating a Dial-Up Connection to the Internet 1. Select Start  Control Panel  Network and Internet Connections  Set Up or Change Your Internet Connection. 2. Click the Setup button on the Connections tab. 3. In the Welcome to the New Connection Wizard dialog box, click the Next button. 4. The Network Connection Type dialog box will appear. Select Connect to the Internet and click the Next button. Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. COPYING PROHIBITED www.sybex.com Using Virtual Private Network Connections 499 Using Virtual Private Network Connections A VPN is a private network that uses links across private or public networks (such as the Internet). When data is sent over the remote link, it is encapsulated and encrypted and requires authenti- cation services. You must use Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol (L2TP) to support a VPN connection, both of which are automatically installed on Windows XP Professional computers. To have a VPN, you must also have a Windows 2000 Server or a Windows Server 2003 computer that has been configured as a VPN server. Figure 12.24 illustrates a VPN. 5. In the Getting Ready dialog box, you can choose from the following options:  The Choose from a List of Internet Service Providers (ISPs) option guides you through selecting an ISP and setting up a new account. You can use this option if you do not already have an ISP.  The Set Up My Connection Manually option is used for dial-up connections where you know the account name, password, and phone number for your ISP.  The Use the CD I Got from an ISP is probably the most common option and includes all the software to connect to your ISP. 6. Select the option you will use to connect to your ISP and follow the remaining prompts. EXERCISE 12.1 (continued) Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. COPYING PROHIBITED www.sybex.com 500 Chapter 12  Dial-Up Networking and Internet Connectivity FIGURE 12.24 Making a virtual private network (VPN) connection The main advantage of using a VPN rather than a RAS connection is that with a RAS connection, a long-distance call might be required to dial into the RAS server. With a VPN connection, all you need is access to a network such as the Internet. In Exercise 12.2, you will configure the client for a VPN connection. This exercise assumes you already have a valid connection to the Internet. EXERCISE 12.2 Configuring a VPN Client 1. Select Start  Control Panel  Network and Internet Connections. 2. In the Network Connection Type dialog box, click the Create a Connection to the Network at My Workplace option and click the Next button. 3. In the Network Connection dialog box, select the Virtual Private Network connection option and click the Next button. 4. The Connection Name dialog box will appear. Type in the name of the connection you will use and the company name, and click the Next button. 5. In the Public Network dialog box, select the Do Not Dial the Initial Connection option and click the Next button. Internet Tunnel Windows 2000 VPN Server Remote Computer Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. COPYING PROHIBITED www.sybex.com Using Internet Connection Sharing 501 Using Internet Connection Sharing Internet Connection Sharing (ICS) allows you to connect a small network (typically a home network) to the Internet through a single connection, as illustrated in Figure 12.25. The computer that provides ICS services is usually the one with the fastest outgoing connection—for example, using DSL. The ICS host computer must have two connections. One of the connections is used to connect the computer to the LAN. The second connection—for example, a modem, ISDN adapter, DSL, or cable modem—is used to connect the computer to the Internet. The ICS computer that accesses the Internet provides network address translation, IP addressing, and DNS name resolution services for all the computers on the network. Through Internet connection sharing, the other computers on the network can use Internet applications such as Internet Explorer and Outlook Express, as well as access Internet resources. 6. In the VPN Server Selection dialog box, enter the hostname or the IP address of the computer that you will connect to. Then click the Next button. 7. The Completing the New Connection Wizard will appear. Click the option Add a Shortcut to This Connection to My Desktop and click the Finish button. 8. Click the shortcut that is created on the Desktop to connect to the VPN. Type in your username and password and click the Connect button. EXERCISE 12.2 (continued) Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. COPYING PROHIBITED www.sybex.com [...]... with the server versions of IIS In previous versions of Windows client operating systems, the scaled-down version of IIS was called Peer Web Services (PWS) Windows XP Professional does not ship with PWS, and if you upgraded to Windows XP Professional, then PWS can’t be upgraded The IIS Professional version software is included with Windows XP Professional, but is not installed by default In this section,... Printers Windows XP automatically supports Internet printing when Internet Information Services (IIS) is installed on a Windows Server 2003 or a Windows XP Professional client IIS is covered in greater detail at the end of this chapter Any printers that are shared on the Windows XP Server are then automatically made accessible to Internet users through a protocol called Internet Printing Protocol (IPP) Windows. .. Internet connection sharing, you must be a member of the Administrators group Using Internet Connection Sharing You have Windows XP Professional on your home computer, which has Internet access You also have three other computers running Windows 98, Windows Me, and Windows 2000 Professional These computers, used as part of a home lab for testing and training preparation, are connected through an Ethernet... troubleshooting problems with website access IIS is not included with Windows XP Home Edition Installing Internet Information Services IIS is installed on a Windows XP computer through the Add or Remove Programs option in Control Panel Before you can install IIS, your computer must have TCP/IP installed and configured To install IIS on a Windows XP Professional computer, you take the following steps: 1 Select... copied You may be prompted to provide the Windows XP Professional CD 5 The Completing the Windows Components Wizard dialog box will appear Click the Finish button If you do not see an option for Administrative Tools from the Start menu, edit your Start menu to show Administrative Tools Editing the Start menu was covered in Chapter 5, “Managing the Windows XP Professional Desktop.” Managing a Website... Unregistered Version - http://www.simpopdf.com 5 18 Chapter 12 Dial-Up Networking and Internet Connectivity The IIS software that is included with Windows XP Professional is designed for smallscale use, mainly for users who are developing web services for home or office use IIS Professional version edition can support only 10 incoming client connections IIS Professional version also does not support all... the name of the printer To support all browsers, an administrator must choose basic authentication Internet Explorer supports LAN Manager Challenge/Response and Kerberos version 5 authentication Adding an Internet Printer To install an Internet printer on a Windows Server 2003 or Windows XP Professional client, you must first install IIS Then you can create a shared printer (see Chapter 11 for details... Access section of the Authentication Methods dialog box: The Digest Authentication for Windows Domain Servers option works only for Windows 2000 and Windows Server 2003 domain accounts This method requires accounts to store passwords as encrypted clear text The Basic Authentication option requires a Windows 2000 or Windows 2003 domain user account If anonymous access is disabled or the anonymous account... permission to access, the system will prompt the user for a valid Windows 2000 or Windows 2003 domain user account With this method, all passwords are sent as clear text You should use this option with caution since it poses a security risk The Integrated Windows Authentication option uses secure authentication to transmit the Windows 2000 or Windows Server 2003 username and password IP Address and Domain... credentials as a part of the FTP request, then the syntax you would use would be: ftp://username:password@ftp.microsoft.com Configuring Internet Explorer Several options can be configured for Internet Explorer You access Internet Properties by rightclicking Internet Explorer from the Start menu and selecting Internet Properties This brings up the dialog box shown in Figure 12.30 FIGURE 12.30 The Internet . Connection Sharing You have Windows XP Professional on your home computer, which has Internet access. You also have three other computers running Windows 98, Windows Me, and Windows 2000 Pro- fessional connection, both of which are automatically installed on Windows XP Professional computers. To have a VPN, you must also have a Windows 2000 Server or a Windows Server 2003 computer that has been configured. offers more features and is the WAN protocol used by Win- dows 9x, Windows NT (all versions), Windows 2000 (all versions), Windows XP, Windows Server 2003, and most Internet servers. SLIP is an older