by MS
Select one of the following options as appropriate and then click Next:
q Connect To A Workplace to create a dial-up connection to a workplace
q Connect To The Internet to create a broadband connection to the Internet
If you have an existing connection, you'll be able to reconfigure this connection for use or create a new connection. Typically, you'll want to create a new connection, so click No, Create A New Connection and then click Next.
On the How Do You Want To Connect page, click Dial Directly when you are creating a dial-up connection to a workplace or click Broadband (PPPoE) when creating a broadband connection to the Internet.
For a dial-up connection to a workplace, do the following and then click Next:
q Set the phone number to dial for this connection using the Telephone Number text box.
q In the Destination Name field, type the name for the connection, such as Corporate Office or Seattle Office. Keep in mind that the name should be short (50 or fewer characters) but descriptive.
q If the computer is configured to use a smart card for authentication, select Use A Smart Card.
q If you want the connection to be available to all users of the computer, select Allow Other People To Use This Connection. This option is best when you plan to assign the connection through Group Policy and have not provided user logon information.
A user is prompted by default for her name and password when she makes a connection. If you are creating a connection for an individual user and don't want the user to be prompted for logon information, you can enter the user name and password in the fields provided.
Although you can ensure the password is remembered by selecting Remember This Password, it is a poor security practice because it enables anyone with access to the computer to use the connection. If you don't select Remember This Password, the user is prompted for the password.
For a dial-up connection to a workplace, you should specify the logon domain in the Domain field and then click Create to create the dial-up connection. Then click Close. To test the connection settings, follow the steps outlined in the "Establishing Connections" section of this chapter.
For a broadband connection to the Internet, click Connect to create and connect the connection. In most cases, the connection will fail because you are setting up a broadband connection for an alternate location, such as the user's home Internet connection, and these settings won't work through the organization's network. Because of this, you'll have an option to click Skip to bypass the connection activation. After you do this, click Set Up The Connection Anyway and then click Close.
Tip
With a broadband connection, you need a DSL router or cable modem to test the connection. Be sure to configure any special settings required by the ISP, as detailed in the "Configuring Connection Properties" section of this chapter.
Creating a VPN Connection
VPNs are used to establish secure communications channels over an existing dial-up or broadband connection. You must know the IP address or fully qualified domain name of the remote access server to which you are connecting. If the necessary connection is available and you know the host information, you can create the connection by following these steps:
Click Start and then click Connect To. In Connect To A Network, click Set Up A Connection Or Network. This starts the Set Up A Connection Or Network Wizard.
To make a VPN connection, scroll down, select Connect To A Workplace, and then click Next.
Select No, Create A New Connection and then click Next. The user will need to establish a connection to the Internet—via either dial-up or broadband—before attempting to use the VPN anyway.
Click Use My Internet Connection (VPN). On the Before You Connect page, select the previously created connection to use and then click Next. This connection can be a dial-up or broadband connection.
Type the IP address or fully qualified domain name of the computer to which you are connecting, such as 192.168.10.50 or http://www.external.microsoft.com. In most cases, this is the remote access server you've configured for the office network.
Type a name for the connection in the Destination Name field. If the computer is configured to use a smart card for authentication, select Use A Smart Card.
If you want the connection to be available to all users of the computer, select Allow Other People To Use This Connection. This option is best when you plan to assign the connection through Group Policy and have not provided user logon information.
Click Next. A user is prompted by default for her name and password when she makes a connection. If you're creating a connection for an individual user and don't want the user to be prompted for logon information, you can enter the user name and password in the fields provided.
Although you can ensure the password is remembered by selecting Remember This Password, it is a poor security practice because it enables anyone with access to the computer to use the connection. If you don't select Remember This Password, the user is prompted for the password.
Specify the logon domain in the Domain field and then click Connect. To connect to a VPN connection, you must first be connected to the dial-up or broadband connection specified previously. In most cases, the connection will fail because you are setting up a VPN connection for an alternate location, such as the user's home Internet connection, and these settings won't work through the organization's network. Because of this, you'll have an option to click Skip to bypass the connection activation. After you do this, click Set Up The Connection Anyway and then click Close.
Configuring Connection Properties
Whether you are working with dial-up, broadband, or VPN, you'll often need to set additional properties after creating a connection. The key properties that you'll work with are examined in this section.
Note
As you work with connection properties, keep in mind that VPN connections are on top of existing connections and that the configuration of each connection is separate. With VPN, the primary connection is established first using the settings assigned to this connection and then the VPN connection is attempted using the VPN connection settings. With this in mind, you should configure the primary connection first and then configure the options for VPN. You should change this approach only when you are troubleshooting problems with VPN. In this case, you should start with the VPN configuration and work your way back to the settings for the primary connection.
Configuring Automatic or Manual Connections
Windows Vista can be configured to establish dial-up, broadband, or VPN connections automatically when users access programs that need to connect to the Internet, such as Windows Internet Explorer 7 in Windows Vista. Automatic connections work in ways that depend on settings in the Internet Options tool. The options include the following:
Never Dial A Connection Users must manually establish connections.
Dial Whenever A Network Connection Is Not Present The connection is established automatically when needed but only when the local area connection isn't working.
Always Dial My Default Connection The default connection is always established when an Internet connection is needed (even if other connections are already established).
Tip
The way you configure automatic connections really depends on the way your organization works. Contrary to what many administrators think, laptop users are usually less frustrated when their computers are set to never dial a connection. This is because laptop users might not have access to a dial-up connection while out of the office, and having the computer attempt to dial a connection when visiting customers or giving a presentation can be disruptive. On the other hand, if you are configuring dial-up networking for users with desktops at a remote or home office, they'll probably want to use automatic connections.
To configure computers to connect manually, follow these steps:
Click Start and then click Control Panel. In Control Panel, click Network And Internet.
In
Network And Internet, click Internet Options. In the Internet Properties dialog box, click the Connections tab, shown in Figure 13-5.
Figure 13-5: Configure manual or automatic connections by using the Connections tab.
Select Never Dial A Connection and then click OK.
You can configure automatic connections by following these steps:
Click Start and then click Control Panel. In Control Panel, click Network And Internet.
In Network And Internet, click Internet Options. In the Internet Properties dialog box, click the Connections tab.
Select Dial Whenever A Network Connection Is Not Present to establish connections automatically if a local area connection isn't working. Select Always Dial My Default Connection to always attempt to establish connections.
The Dial-Up And Virtual Private Network Settings list shows the dial-up, broadband, and VPN connections that are currently configured. Select the connection you want to use as the default when establishing connections and then click Set Default.
Click OK twice.
Configuring Proxy Settings for Mobile Connections
As with the connections themselves, proxy server settings can be set manually or automatically. With manual configuration, you'll need to configure each property, step by step. With automatic configuration, the computer can attempt to detect proxy server settings and then configure the appropriate options, or the computer can read a configuration script to use in configuring the proxy.
Note
Proxy settings can be configured for multiple systems through Group Policy as discussed in the "Managing Connection and Proxy Settings" section of Chapter 14. If you elect not to configure proxy settings through Group Policy, you can configure them on a per-connection basis as discussed in this section.
Configuration scripts can be stored in a file on the local computer or at an Internet address. Using configuration scripts can save a lot of time, especially when you consider that each connection you create is configured separately. Further, because VPN connections are established on top of an existing setting, the proxy settings for the VPN can be different from those set in the original connection.
To use automatic proxy configuration for a connection, complete the following steps:
Click Start and then click Control Panel. In Control Panel, click Network And Internet.
In Network And Internet, click Internet Options. In the Internet Properties dialog box, click the Connections tab.
In the Dial-Up And Virtual Private Network Settings list box, select the connection that you want to configure and then click Settings. This displays a Dial-Up Connection Settings dialog box similar to the one shown in Figure 13-6.
Figure 13-6: Proxy settings can be automatically configured through detection or scripts.
To attempt to automatically detect proxy settings when establishing the connection, select Automatically Detect Settings.
To use a configuration script, select Use Automatic Configuration Script and then type the file path or Uniform Resource Locator (URL) of the script. With file paths, you can use environment variables, such as %UserProfile%PROXY.VBS. With URLs, be sure to type the computer URL, such as http://www.proxy.microsoft.com/proxy.vbs.
To ensure that only automatic settings are used, clear the Use A Proxy Server For This Connection check box.
Click OK twice.
To use manual proxy configuration, complete the following steps:
Click Start and then click Control Panel. In Control Panel, click Network And Internet.
In Network And Internet, click Internet Options. In the Internet Properties dialog box, click the Connections tab.
Select the connection you want to configure in the Dial-Up And Virtual Private Network Settings list box and then click Settings.
Clear the Automatically Detect Settings and Use Automatic Configuration Script check boxes if they were selected.
Select Use A Proxy Server. The Bypass Proxy Server For Local Addresses check box is not selected by default. In most cases, however, you won't want to use a proxy for requests made to servers on the same network segment, so you'll want to select Bypass Proxy Server For Local Addresses as well. It is important to note that if Bypass Proxy Server For Local Addresses is not selected, users might need additional permissions to access intranet servers through your proxy servers.
Click Advanced to display the Proxy Settings dialog box, shown in Figure 13-7.
Figure 13-7: You can use the same proxy for all services, or you can configure multiple proxies.
Using the text boxes in the Servers panel, set the IP address for proxies. You'll find the following two columns of text boxes:
q Proxy Address To Use Sets the IP address of the related proxy server or servers. Enter the IP address for each service. If multiple proxies are configured for a particular service, type the IP addresses for each proxy server in the order in which you want the Web client to attempt to use them. Each address must be separated by a semicolon. If a proxy isn't configured for a service, do not fill in the related text box.
q Port Sets the port number on which the proxy server responds to requests. Most proxies respond to port 80 for all requests. That said, however, the standard ports are port 80 for Hypertext Transfer Protocol (HTTP), port 443 for Secure Sockets Layer (SSL; listed as Secure), port 21 for File Transfer Protocol (FTP), port 70 for Gopher, and port 1081 for Socks. Check with your organization's Web administrator for the proper settings.
By default, the Use The Same Proxy Server For All Protocols check box is selected. This setting enables you to use the same IP address and port settings for the HTTP, SSL, FTP, Gopher, and Socks services. You have the following options:
q If your organization has proxy servers that handle all requests, type the IP address or addresses that you want to use and the port number on which the server or servers respond.
q If you want to use a unique proxy server or servers for each type of service, clear the Use The Same Proxy Server For All Protocols check box and then enter the necessary IP addresses and port numbers in the text boxes provided.
If your network has multiple segments or there are specific servers that shouldn't use proxies, enter the appropriate IP addresses or IP address ranges in the Exceptions list. Each entry must be separated with a semicolon. The asterisk (*) character can be used as a wildcard character to specify an address range of 0 through 255, such as 192.*.*.*, 192.168.*.*, or 192.168.10.*.
Click OK three times.
Configuring Connection Logon Information
Each connection you create has separate settings for logon information. You can set a user name, password, and domain by performing the following steps:
Click Start and then click Control Panel. In Control Panel, click Network And Internet.
In Network And Internet, click Internet Options. In the Internet Properties dialog box, click the Connections tab.
Select the connection you want to configure in the Dial-Up And Virtual Private Network Settings list box and then click Settings.
Type the user name and password for the connection in the User Name and Password text boxes, respectively.
If a domain name is required, enter the domain name in the Domain text box.
Click OK twice.
Setting a connection to use the appropriate logon information isn't the last step in ensuring a proper configuration. You should also set options that determine whether users are prompted for logon information or a phone number. If a logon domain is required to establish a connection, you should ensure that the logon domain is passed with the other logon information. By default, the domain name is not included.
To configure additional options, follow these steps:
Click Start and then click Control Panel. In Control Panel, click Network And Internet.
In Network And Internet, click Internet Options. In the Internet Properties dialog box, click the Connections tab.
Select the connection you want to configure in the Dial-Up An
d Virtual Private Network Settings list box and then click Settings.
In the Settings dialog box, click Properties. This displays a properties dialog box.
Click the Options tab. You can now configure the following additional options:
q To display status messages while connecting, select Display Progress While Connecting.
q To ensure users are prompted for logon information if necessary, select Prompt For Name And Password, Certificate, Etc.
q To ensure the logon domain is included when requested, select Include Windows Logon Domain.
q To prompt for a phone number when needed, select Prompt For Phone Number.
Click OK three times.
Configuring Connection Attempts and Automatic Disconnection
By default, Windows Vista attempts to make a connection 10 times before giving up, and it won't disconnect idle connections automatically. You can use advanced options to change the way connection attempts and disconnection are handled by following these steps:
Click Start and then click Control Panel. In Control Panel, click Network And Internet.
In Network And Internet, click Internet Options. In the Internet Properties dialog box, click the Connections tab.
Select the connection you want to configure in the Dial-Up And Virtual Private Network Settings list box and then click Settings.
In the Settings dialog box, click Advanced. This displays the Advanced Dial-Up dialog box.
You can now configure the following options:
q Try To Connect … Times Sets the number of times Windows Vista attempts to make a connection. The minimum value is 1.
q Wait … Seconds Between Attempts Sets the number of seconds to wait between connection attempts. The minimum value is 5.
q Disconnect If Idle For … Minutes Specifies whether Windows Vista disconnects connections that haven't been actively used for the specified time. The minimum value is 3 minutes. Typically, you should set this value to between 20 and 30 minutes, or longer if the user transfers large files using protocols that might not update their state during the transfer, such as FTP.
