Demand-Dial Routing

Previous Topic Next Topic

Creating User Accounts with the Demand-Dial Wizard

When a demand-dial interface is created with the Demand-Dial wizard in the Routing and Remote Access snap-in, the Add a user account so a remote router can dial in option on the Protocols and Security page of the wizard allows you to create a new user account that is used by the calling router. When this option is selected, a user account with the same name as the demand-dial interfaces is created in the security accounts database being used by the router on which the demand-dial interface is being created.

Table 6.2 lists where the user account is created.

Table 6.2 Location of User Accounts Created by the Demand-Dial Wizard

Router Where the Account Is Created
Stand-alone A local account as if created through the Local Users and Groups snap-in.
Domain controller A domain account as if created through the Active Directory Users and Groups snap-in.
Member of a domain A local account as if created through the Local Users and Groups snap-in.

In all cases, the remote access permission is set to Allow access even though for a new account in a Windows 2000 native mode domain or a stand-alone router, the default remote access permission for newly created accounts is set to Control access through Remote Access Policy. This behavior can cause some confusion if you are using the access by policy administrative model. In the access by policy administrative model, the remote access permission of all user accounts is set to Control access through Remote Access Policy and the remote access permission of individual policies are set to either Grant remote access or Deny remote access.

When the user account is created, it is created with the current default password settings and policies set for your domain. Verify that each user account used by calling routers have the following password settings on the Account tab on the properties sheet of the user account:

© 1985-2000 Microsoft Corporation. All rights reserved.