In this exercise, you will edit the existing remote access policy and profile.
- In the Routing And Remote Access console, expand your computer, then expand Remote Access Policies. Right-click Connections To Microsoft Routing And Remote Access server and select Properties. This accesses the Properties dialog box for the policy, and the Settings tab is displayed.
- In the Settings tab of the remote access policy Properties dialog box, click the Add button.
- In the Select Attribute dialog box, select the Windows Groups attribute and click the Add button.
- In the Groups dialog box, click the Add button.
- In the Select Groups dialog box, add the Domain Users group and click the OK button.
- In the Groups dialog box, click the OK button.
- In the If A Connection Request Matches The Specified Conditions section of the Settings tab, click the Grant Remote Access Permission radio button. Then click the Edit Profile button.
- In the Dial-in Constraints tab of the Edit Dial-in Profile dialog box, check the Minutes Server Can Remain Idle Before It Is Disconnected (Idle-Timeout) option and set it for 10 minutes. Check the Minutes Client Can Be Connected (Session-Timeout) option and set it to 60 minutes.
- Click the IP tab. Configure IP address assignment by choosing Server Must Supply An IP Address.
- Click the Multilink tab. Select the Allow Multilink Connections radio button and set the Maximum Number Of Ports Allowed: to 2 ports. Leave the Bandwidth Allocation Protocol (BAP) settings at the default values.
- Click the Authentication tab. Deselect the default protocols and select Microsoft Encrypted Authentication version 2 (MS-CHAP v2).
- Click the Encryption tab and note the default settings.
- Click the Advanced tab and note the default settings.
- Click the OK button to close the Edit Dial-in Profile dialog box.
- In the Settings tab of the remote access policy’s properties, click the OK button. Close the Routing and Remote Access tool.
