Connection Manager Administration Kit (CMAK)
Microsoft released the Connection Manager Administration Kit (CMAK) as part of the Windows Server 2003 Administration Tools Pack. The Tools Pack can be downloaded here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=C16AE515-C8F4-47EF-A1E4-A8DCBACFF8E3
After the Tools Pack has been installed, you can use CMAK to make an install package for your organization's VPN. This can be a great tool to provide end users with an installation CD for home computers.
To start CMAK go to
Start > Programs > Administrative Tools > Connection Manager Administration Kit
The CMAK Wizard is pretty self-explanatory, but I'll point out a few tips:
It's a good idea to NOT make the VPN connection the default gateway. In many cases this will prevent web browsing while connected to the remote network.
CMAK also allows you to specify command(s) to execute on different events. A common use is to launch Remote Desktop on a successful connection. Recall that you can launch Remote Desktop from the command line with the hostname/IP address of the remote computer as a parameter.
mstsc /v:address
Next CMAK allows you to provide a Custom Graphic for the connector. This graphic is displayed when the VPN connection prompts for the username and password. Generally I put my organization's logo in here to give it some style.
CMAK also allows you to provide a custom icon for the connector. Again, if you want to add some style you might make the icon your organization's logo.
A great free program to make .ico files from bitmaps/jpg's is Imagicon. Imagicon is available for free download at:
http://www.deviouscodeworks.co.uk/imagicon.html
Finally, the CMAK Wizard produces a profile in C:\Program Files\CMAK\Profiles\profilename. To configure the advanced options of the profile, you need to edit the profilename.cms file located in C:\Program Files\CMAK\Profiles\profilename. The .cms file has many important options.
I normally add the following options in the Connection Manager area:
HideDomain=1
HideRememberPassword=1
HideAdvancedTab=1
IdleTimeout=0
HideDomain=1 hides the domain from the login screen.
HideRememberPassword=1 disables the remember password option, a good security idea.
HideAdvancedTab=1 hides the advanced tab.
IdleTimeout=0 makes the connection not time out after 10 minutes, etc.
You need to add these keys yourself; they're not in the default .cms file.
Once you have edited the .cms file in a text editor, you need to rebuild the profile by going through the CMAK Wizard a second time.
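The .cms edit above can be scripted so it is repeatable across profiles. The PowerShell below is an added example, not part of the original post or of CMAK: it assumes the "Connection Manager area" is the [Connection Manager] section of the .cms file, and Set-CmsSetting and the sample content are hypothetical names and constructed data. It overwrites a key that is already present instead of adding a duplicate, and creates the section if it is missing.

```powershell
# Added example, not from the original post. Assumption: the "Connection
# Manager area" is the [Connection Manager] INI section of the .cms file.
function Set-CmsSetting {
    param(
        [string[]]$Lines,                            # lines of profilename.cms
        [System.Collections.IDictionary]$Settings,   # keys to enforce
        [string]$Section = 'Connection Manager'
    )
    $out = New-Object 'System.Collections.Generic.List[string]'
    $pending = [ordered]@{}
    foreach ($k in $Settings.Keys) { $pending[$k] = $Settings[$k] }
    $inSection = $false
    $found = $false

    foreach ($line in $Lines) {
        if ($line -match '^\s*\[(.+?)\]\s*$') {
            if ($inSection) {
                # Leaving the target section: add the keys it did not contain.
                foreach ($k in $pending.Keys) { $out.Add("$k=$($pending[$k])") }
                $pending.Clear()
            }
            $inSection = ($Matches[1] -eq $Section)
            if ($inSection) { $found = $true }
        }
        elseif ($inSection -and $line -match '^\s*([^=;\s][^=]*?)\s*=') {
            $key = $Matches[1]
            if ($pending.Contains($key)) {
                # Key already present: overwrite its value instead of duplicating it.
                $line = "$key=$($pending[$key])"
                $pending.Remove($key)
            }
        }
        $out.Add($line)
    }
    if (-not $found) { $out.Add("[$Section]") }      # section missing: create it
    foreach ($k in $pending.Keys) { $out.Add("$k=$($pending[$k])") }
    return $out.ToArray()
}

# Constructed sample content, not a real profile.
$sample = '[Connection Manager]', 'ExampleKey=ExampleValue', 'IdleTimeout=10',
          '[Example Other Section]', 'ExampleKey2=ExampleValue2'
$wanted = [ordered]@{ HideDomain = 1; HideRememberPassword = 1; HideAdvancedTab = 1; IdleTimeout = 0 }
Set-CmsSetting -Lines $sample -Settings $wanted
```

Run it against the lines of a copy of profilename.cms, write the result back, and then rebuild the profile through the CMAK Wizard as described above.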
Another tip I'll include: if you have computers working outside of your organization and you want to force them to log in over a dial-up VPN, you can use the following registry switch to force the option at sign-on.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"RasForce"="1"
For more details see:
http://support.microsoft.com/kb/172125