home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The CICA Windows Explosion!
/
The CICA Windows Explosion! - Disc 2.iso
/
nt
/
ntkb.zip
/
NTKB.EXE
/
Q97
/
7
/
99.TXT
Wrap
Text File
|
1993-08-30
|
4KB
|
89 lines
DOCUMENT:Q97799 01-JUN-1993 [W_NT]
TITLE :INF: No RASLANNETS Parameter Under Windows NT RAS
PRODUCT :Windows NT
PROD/VER:3.10
OPER/SYS:WINDOWS
KEYWORDS:
--------------------------------------------------------------------
The information in this article applies to:
- March Release of Microsoft Windows NT operating system
version 3.1
--------------------------------------------------------------------
Summary:
The RASLANNETS parameter is not available in Remote Access Service
(RAS) for Windows NT and Windows NT Advanced Server. Under Microsoft
LAN Manager RAS, RASLANNETS can be used to indicate the LANs (local
area networks) to be made visible to Remote Access clients. There is,
however, a limited workaround available under Windows NT.
RAS has the ability to gateway frames from Remote Access clients onto
LANs that the Remote Access server is running on. This feature is
controlled by the NetBIOS gateway component. In LAN Manager RAS, the
RASLANNETS parameter allows you to specify exactly which networks are
to be made visible to Remote Access clients and which ones are to be
restricted. This is a security feature. For example, in the LANMAN.INI
file under the [REMOTEACCESS] section, you can specify which networks
are available by simply listing their names on the RASLANNETS
statement.
In RAS for Windows NT there is a new parameter that also deals with
this security issue. The new NT Registry entry, NETBIOSGATEWAYENABLED,
allows you to disable or enable the gateway component. If you disable
it, then all access to the LAN is restricted for Remote Access
clients; they are only able to access resources on the Remote Access
server. This parameter is located in the Registry in the following
subkey:
SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters
A zero (0) means to disable the gateway component and a one (1) means
to enable it.
This setting does not allow you to pick which protocols are enabled;
you can either enable them all or disable them all. A limited
workaround that allows you to get some of the RASLANNETS functionality
in Windows NT follows.
To disable access to a protocol, you can unbind it from the NetBIOS
interface. Because the RAS gateway is a NetBIOS gateway and
communicates via NetBIOS commands, if a particular protocol is
restricted from talking NetBIOS across its top level interface then it
is cut off from the RAS gateway. This results in the gateway not being
able to forward frames from the Remote Access client to the LAN.
To control protocol binding, choose the Network icon in Control Panel.
Choose the Bindings button. The light bulb icon at the left of the
each protocol indicates whether it is bound our not. (If the light is
on, the protocol is bound.) For example: To prevent Remote Access
clients from accessing TCP/IP servers on a LAN, select TCP/IP and
choose the Disable button.
The only side effect of this workaround is that it disables the
NetBIOS interface on that protocol for both Remote Access clients and
LAN clients. Users cannot talk to the server using that protocol via
NetBIOS. This only affects NetBIOS applications. It does not affect
LAN Manager servers or workstations running on a Windows NT system.
(LAN Manager running on Windows NT uses the TDI interface to talk to
protocols, not the NetBIOS interface.)
Additional reference words: 3.10
=============================================================================
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.
Copyright Microsoft Corporation 1993.