My company recently reviewed our RRAS implementation and realized that setting up home users to connect to our network through RRAS (dial-up and VPN) was unnecessarily difficult. The Help desk spent a lot of time helping users establish connections and solve connection-related problems. We investigated several solutions to our problem and decided to use Microsoft's Connection Manager Administration Kit. CMAK works on Windows Server 2003, Windows 2000, Windows XP, and Windows 98. (I didn't test other OSs.)
I used CMAK to create two executables (one for the dial-up connection and one for the VPN), which I copied to 3.5" disks so that users could run the executables on their home computers. The executables contained all the information users needed to install the connection, select the address or phone number to connect to, and make the connection. In addition, CMAK lets you insert license agreements and logon scripts and lets you download updated phone books that contain VPN address or phone number changes.
Using the CMAK wizard to create a connection for the first time can be frustrating because the wizard isn't intuitive. To avoid frustration, follow these steps to create a VPN connection:
- Start CMAK by selecting Programs, Administrative Tools, Connection Manager Administration Kit from the Start menu.
- Create a new profile, provide a name for the service, and name the executable that CMAK will create. You can merge an existing profile (if you have one) into the connection.
- Create a new phone book or merge a phone book from an existing profile. The phone book contains the server's IP address or Fully Qualified Domain Name (FQDN). If multiple RRAS servers are available, you must create a separate text file that contains all the servers' addresses or names.
- Edit the network settings for the VPN connection, including the TCP/IP (WINS and DNS) and security (authentication) settings. Select either the PPTP or Layer Two Tunneling Protocol (L2TP) connection.
- If a dial-up connection will be used for the VPN, create the dial-up connection. (Skip this step if a broadband or another type of connection will be used.) Modify routing tables and proxy settings if necessary.
- Add any desired custom actions. For example, I included an option to run a script that maps two network drives after a connection is established.
- Select icons for the connection, and choose graphics for the logon box and phone book display.
- Include the Help files and any essential support information. If necessary, CMAK installs Connection Manager 1.3 and includes a license agreement, which is a customizable text file. Add any other files you think are necessary.
- Finish running the CMAK wizard. The CMAK wizard will create the connection and a folder that contains the executable, any files you included, and the graphics.
- Copy the resulting folder to 3.5" disks or other media, such as CD-ROMs or USB memory sticks. Distribute the media to your users. When a user runs the executable, the connection installs and prompts the user to select a destination.
To create a dial-up connection that's independent of the VPN connection, you can follow the same procedure I just described. However, you must use the Phone Book Administrator to create POP3 dial-up numbers. After you create a phone book, the connection includes that phone book.
CMAK is a useful tool for creating standard connections for remote users. CMAK lets you update and push out VPN addresses and updated phone books when users connect to your network.
