[duhmez]

I went to routing and remote access console and enabled the 2k server as a vpn server, and it works.

I cant find in there though how to set exactly which users have access.

Does it only allow user accounts that can "Log on locally" (Admns)
?? or is there somehting I am missing.

Previously I have used 2k pro for vpn and it's done quite differently.

[DS3Circuit]

Install and Configure a Virtual Private Network Server in Windows 2000
http://support.microsoft.com/?kbid=308208

You control access through Remote Access Policies and a users configuration in ADUC basically. Yes they need to have log on locally access.

An extensive listing to configure vpn access to a "T" ...
http://www.labmice.net/networking/vpn.htm

[duhmez]

Good links, thanks. I believe a little bit of my problem is the strange configuration I have. I have an NT 4 PDC and a win2k Standalone. As you know, the Win2k cannot be a BDC.

It was strange because the remote ccess snapin was saying it required an active directory domain to get authorized, which i do not have at this site. When I tested the vpn wih the admin account, it did indeed conect and function properly.

it was at this point I asked for how to setup user access because I did not want just any user to be able to connect. If only users with Log on locally rights can get on, then that is fine as it is for administration only.

[duhmez]

Indeed I am in a strange situation as ADUC does not exist with my configuation. I did however figure out how to asign VPN access based on group membership but not by specific username, and that is more than adequite for my needs.

[DS3Circuit]

Glad to hear ... any particular reason you have not migrated to Windows 2000?

ADMT is rather concise and highly capable to move a large base of users.

[duhmez]

I'd like nothing more than to migrate. the factor at the moment is cost. My 2000 standalone server only needs a few connections,the main pdc needs dozens. Public school budget is tight. the upgrade will happen, just not yet.