Remote Access Policies

In Windows 2000, remote access connections are accepted based on the dial-in properties of a user account and remote access policies. A remote access policy is a set of conditions and connection parameters that define the characteristics of the incoming connection and the set of constraints imposed on it. Remote access policies can be used to specify allowed connections conditioned by the time of day and day of the week, the Windows 2000 group to which the dial-in user belongs, the type of remote access client (dial-up or VPN), and so on. Remote access policies can be used to impose connection parameters such as maximum session time, idle disconnect time, required secure authentication methods, required encryption, and so on.

With multiple remote access policies, different sets of conditions can be applied to different remote access clients or different requirements can be applied to the same remote access client based on the parameters of the connection attempt. For example, multiple remote access policies can be used to:

  • Allow or deny connections if the user account belongs to a specific group.

  • Define different days and times for different user accounts based on group membership.

  • Configure different authentication methods for dial-up and VPN remote access clients.

  • Configure different authentication or encryption settings for Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol (L2TP) connections.

  • Configure different maximum session times for different user accounts based on group membership.

  • Send network access server–specific RADIUS attributes to a RADIUS client.

When you have multiple Windows 2000 remote access or VPN server and you want all of the servers to use a centralized set of remote access policies to authorize incoming connections, you must configure a computer to run Windows 2000 and Internet Authentication Service (IAS) and then configure each remote access or VPN server as a RADIUS client to the IAS server computer.

For more information about remote access policies, including common remote access policy scenarios and their configuration, see Windows 2000 Server Help.