Add a remote access policy

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To add a remote access policy

  1. Do one of the following:

    • Open Routing and Remote Access and, if necessary, double-click Routing and Remote Access and the server name.

    • Open Internet Authentication Service and, if necessary, double-click Internet Authentication Service.

  2. In the console tree, right-click Remote Access Policies, and then click New Remote Access Policy.

  3. Use the New Remote Access Policy Wizard to create a policy.

For a common policy, you must choose the following:

  • An access method:

    • VPN access

    • Dial-up access

    • Wireless access

    • Ethernet

  • Whether to grant access permissions by user or by group.

  • Authentication methods.

  • Levels of allowed encryption (depending on the access method selected).

    For a custom policy, you must configure the following:

  • A set of policy conditions.

  • Whether remote access permission for the policy is granted or denied.

  • Remote access policy profile settings.


  • To perform this procedure, you must be a member of the Administrators group. As a security best practice, consider using the Run As command rather than logging on with administrative credentials. If you have logged on with administrative credentials, you can also open Routing and Remote Access by clicking Start, clicking Control Panel, double-clicking Administrative Tools, and then double-clicking Routing and Remote Access. For more information, see Default local groups, Default groups, and Using Run as.

  • To open Internet Authentication Service, click Start, click Control Panel, double-click Administrative Tools, and then double-click Internet Authentication Service.

  • You cannot use this procedure to configure a remote access policy unless a remote access server is already installed on your network. After installing one or more remote access servers, use this procedure and the New Remote Access Policy Wizard to configure a new remote access policy.

  • When you use the New Remote Access Policy Wizard to create a common policy:

    • The access method is used to automatically configure the NAS Port Type condition.

    • If you choose to grant access by group, the Windows Groups condition is automatically set to the selected groups.

    • The authentication settings are used to set the profile settings on the Authentication tab.

    • The encryption levels are used to set the profile settings on the Encryption tab.

    • The remote access permission is always set to Grant remote access permission.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also


Configure a condition of a remote access policy
Configure a remote access policy to grant or deny access
Configure a Profile for a Remote Access Policy
Delete a remote access policy
Rename a remote access policy