Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to Configure Unauthenticated Access for the Routing and Remote Access Service or for Internet Authentication Service


View products that this article applies to.

Summary

This article describes how to configure the Routing and Remote Access service or the Internet Authentication Service (IAS) to accept unauthenticated access. By default, the Routing and Remote Access service and the IAS service use the Guest account for unauthenticated access. This article discusses how to enable these services for unauthenticated access without using the Guest account.

Windows 2000 Server

Configure Unauthenticated Access in Routing and Remote Access

To configure unauthenticated access in the Routing and Remote Access service, follow these steps:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
  2. Right-click Your_Server_Name, and then click Properties.
  3. Click the Security tab, and then click Authentication Methods.
  4. In the Authentication Methods dialog box, click to select the Allow remote systems to connect without authentication check box in the Unauthenticated Access area, and then click OK.

Grant Remote Access Permission

  1. On the authenticating server, in Routing and Remote Access or in Internet Authentication Service, click Remote Access Policies.
  2. In the right pane, right-click Allow access if dial-in permission enabled, and then click Properties.
  3. Click Grant remote access permission, and then click OK.
  4. Quit Routing and Remote Access or Internet Authentication Service.

Configure a Different Account for Unauthenticated Access

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Create a user account to use for unauthenticated access. To do this, follow these steps:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Expand Your_Domain, right-click Users, point to New, and then click User.
  3. Create the user account that you want to use for unauthenticated access.
  4. After the user account is created, right-click the user name, and then click Properties.
  5. Click the Dial-in tab.
  6. In the Remote Access Permission (Dial-in or VPN) area, click Allow access, click Apply, and then click OK.
  7. QuitActive Directory Users and Computers.
  8. On your authenticating server, click Start, click Run, type regedit, and then click OK.

    Depending on your configuration, the authenticating server is either the Routing and Remote Access server or the Internet Authentication Service server.
  9. Expand the following registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Policy
  10. Right-click
    Policy
    , point to New, and then click String value.
  11. Type Default User Identity, and then press ENTER to name the new value.
  12. Double-click
    Default User Identity
    .
  13. In the Value data box, type the name of the user account that you want to use for unauthenticated access, and then click OK.
  14. Quit Registry Editor.
Note Changes to the registry setting do not take effect until you restart the Routing and Remote Access service or until you restart Internet Authentication Service.

Windows Server 2003

Configure Unauthenticated Access in Routing and Remote Access

To configure unauthenticated access in the Routing and Remote Access service, follow these steps:
  1. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
  2. Right-click Your_Server_Name, and then click Properties.
  3. Click the Security tab, and then click Authentication Methods.
  4. In the Authentication Methods dialog box, click to select the Allow remote systems to connect without authentication check box in the Unauthenticated Access area, and then click OK.

Grant Remote Access Permission

  1. On the server that authenticates dial-in access, click Routing and Remote Access in Routing and Remote Access or in Internet Authentication Service, double-click Your_Server_Name, and then click Remote Access Policies.
  2. Right-click Connections to Microsoft Routing and Remote Access server, and then click Properties.
  3. Under Policy Conditions, click the policy that you want to enable unauthenticated access for, and then click Edit Profile.
  4. Click the Authentication tab, click to select the Allow clients to connect without negotiating an authentication method check box in the Unauthenticated access area, and then click OK.
  5. You receive a message that prompts you to view the Help topics. Click No.
  6. Click Grant remote access permission, click Apply, and then click OK.
  7. Quit Routing and Remote Access or Internet Authentication Service.

Configure a Different Account for Unauthenticated Access

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Create a user account to use for unauthenticated access. To do this, follow these steps:
  1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Expand Your_Domain, right-click Users, point to New, and then click User.
  3. Create the user account that you want to use for unauthenticated access.
  4. After the user account is created, right-click the user name, and then click Properties.
  5. Click the Dial-in tab.
  6. In the Remote Access Permission (Dial-in or VPN) area, click Allow access, click Apply, and then click OK.
  7. QuitActive Directory Users and Computers.
  8. On your authenticating server, click Start, click Run, type regedit, and then click OK.

    Depending on your configuration, the authenticating server is either the Routing and Remote Access server or the Internet Authentication Service server.
  9. Expand the following registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Policy
  10. Right-click
    Policy
    , point to New, and then click String value.
  11. Type Default User Identity, and then press ENTER to name the new value.
  12. Double-click
    Default User Identity
    .
  13. In the Value data box, type the name of the user account that you want to use for unauthenticated access, and then click OK.
  14. Quit Registry Editor.
Note Changes to the registry setting do not take effect until you restart the Routing and Remote Access service or until you restart Internet Authentication Service.

↑ Back to the top


References

For more information about unauthenticated access, search Microsoft Windows 2000 Help or in Microsoft Windows Server 2003 Help by using the term "unauthenticated access."

↑ Back to the top


Keywords: KB826156, kbinfo, kbnetwork, kbwinservnetwork, kbhowtomaster

↑ Back to the top

Article Info
Article ID : 826156
Revision : 5
Created on : 10/30/2006
Published on : 10/30/2006
Exists online : False
Views : 298