Windows 2000

The Windows 2000 Server family is the latest and greatest in NT server technology (at least until .Net comes out). Here are some useful things I've collected...

Tips and Tricks:

1. Bypass the Windows 2000 Serial Check (all versions):

First you want to copy your Windows 2000 setup files from your CD to your hard drive. You have to copy at least the I386 directory (I recommend copying all the files, so you can burn a complete CD later). Now go into the I386 directory you just copied onto your hard drive. Find the setupp.ini file. Right click it, select Properties, and remove the Read-only checkmark. Now open the file to edit it.

Your setupp.ini file should read something like this:

[Pid]
ExtraData=6166656C736263737373B2574A0581
Pid=51873XXX

Replace the 3 X's (generally it'll be three zeros) at the end with "270". It should now read something like this:

[Pid]
ExtraData=6166656C736263737373B2574A0581
Pid=51873270

That's it! You can now install Windows 2000 without a serial number!

Copied from http://www.thetechguide.com

Lessons:

Installing and Configuring a Win2k Server VPN:

Requirements
1. Decide on the maximum number of simultaneous connections you will allow and reserve a range of IP addresses within your subnet to accommodate them. You will need one more IP address than the maximum number (this is allocated to the server for its VPN interface). You can use several separate ranges if required and the addresses should be registered in the DNS in the usual way. It is also possible to use DHCP to allocate addresses.


2. You must ensure that the WINS and DNS configuration on the server where you are setting up VPN is correct before you start. This is because when a user makes a VPN connection to your server, the VPN client PC will obtain and use WINS and DNS server details from the VPN server. In the case of WINS, the client will also register its NetBIOS name in the WINS database. 


3. If you are using the OUCS WINS servers, you must advise users to use computer names that are guaranteed unique (generally by incorporating part of your unit name in the computer name), renaming their computers if necessary. For more information see the Central Windows Internet Name Service (WINS) pages.

4. If you have your own firewall, you need to allow TCP port 1723 and IP protocol ID 47 (GRE) traffic to and from your VPN server. 

5. Lastly, don’t neglect the security of your 2000 server, particularly password security. 
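
The address planning in requirement 1, as an added example that is not part of the original page: a Python check that a set of static ranges sits inside the server's subnet, does not overlap, and provides the maximum number of clients plus one address for the server's VPN interface. The function name plan_vpn_pool and the 192.0.2.0/24 sample values are assumptions made up for this illustration.

```python
import ipaddress


def plan_vpn_pool(subnet, ranges, max_clients):
    """Validate static VPN client ranges against requirement 1.

    subnet      -- the server's subnet, e.g. "192.0.2.0/24"
    ranges      -- list of (first, last) address strings, inclusive
    max_clients -- maximum number of simultaneous VPN connections
    Returns the number of spare addresses left after reserving
    max_clients + 1; raises ValueError if the plan cannot work.
    """
    net = ipaddress.ip_network(subnet)
    parsed = []
    for first, last in ranges:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            raise ValueError(f"range {first}-{last} is reversed")
        if lo not in net or hi not in net:
            raise ValueError(f"range {first}-{last} is outside {net}")
        # Network and broadcast addresses cannot be handed to clients.
        if lo == net.network_address or hi == net.broadcast_address:
            raise ValueError(f"range {first}-{last} includes a reserved address")
        parsed.append((int(lo), int(hi)))

    # Several separate ranges are allowed, but they must not overlap.
    parsed.sort()
    for (_, prev_hi), (next_lo, _) in zip(parsed, parsed[1:]):
        if next_lo <= prev_hi:
            raise ValueError("ranges overlap")

    total = sum(hi - lo + 1 for lo, hi in parsed)
    needed = max_clients + 1  # one extra for the server's VPN interface
    if total < needed:
        raise ValueError(f"need {needed} addresses, ranges provide {total}")
    return total - needed


if __name__ == "__main__":
    # Constructed sample plan: two ranges, 11 addresses, 10 clients.
    sample = [("192.0.2.200", "192.0.2.204"), ("192.0.2.210", "192.0.2.215")]
    print("spare addresses:", plan_vpn_pool("192.0.2.0/24", sample, 10))
```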

--------------------------------------------------------------------------------

Installing and Configuring Routing and Remote Access

1. If the Windows 2000 Configure Your Server screen is open, click on Networking, then on Remote Access and finally on Open Routing and Remote Access. Alternatively, you can start it from Start -> Programs -> Administrative Tools -> Routing and Remote Access. 


2. Select your server in the left-hand window (you may need to expand Routing and Remote Access to see it) and select Configure and Enable routing and Remote Access from the Action menu. 


3. The Routing and Remote Access Server Setup Wizard will start. Click on Next and then choose Virtual private network (VPN) server and click on Next.

4. In the Remote Client Protocols dialogue box, the only protocol that is required is TCP/IP. Click on Next. 

5. In the Internet Connection dialogue box, accept the default (with <No internet connection> selected) and click on Next. 

6. In the IP Address Assignment box, decide whether you are going to use DHCP or a specified range of addresses for VPN clients and then click on Next. 

7. If you opted to specify a range of addresses, click on New and add in an address range that will be used for VPN clients. You can add several address ranges as required. When you have finished, click on Next. 

8. If you opted to use DHCP and your server has a static IP address, you may see a warning; click on OK. 

9. On the Managing Multiple Remote Access Servers page, accept the default No, I don't want to set up this server to use RADIUS now and click on Next. Click on Finish. 

10. If you opted to use DHCP you may see a message about configuring DHCP relaying. This has not been tested so you are on your own here. 

11. The Routing and Remote Access Service will now be started. In the Routing and Remote Access management console, make sure that your server is still selected and select Properties from the Action menu.

12. Click on the Security tab and then on the Authentication Methods button. Disable Microsoft encrypted authentication (MS-CHAP). This should leave only Microsoft encrypted authentication version 2 (MS-CHAP v2) enabled. Click on OK. 

13. If you had protocols such as IPX or NetBEUI installed on your server when you set up Routing and Remote Access, you will have a tab for each protocol. You should disable these protocols — in general you only need to allow IP access. For example, to disable IPX, click on the IPX tab, and turn off the Allow IPX-based remote access and demand-dial connections option. 

14. If you need to change IP address information, for example the range of IP addresses available, or to switch to using DHCP, this is done via the IP tab. Information can also be logged to the event log; use the Event Logging tab to control the amount of information that gets logged. When you have finished, click on OK.

15. Look in the right-hand window. There are several other items that may be useful. Firstly, you can enable Remote Access Logging. Open up the Remote Access Logging folder and then double-click on the Local File to change settings. You can view connected clients (Remote Access Clients) and you can set up Remote Access Policies.

16. Check in the right-hand window under your server name for the Ports entry. If you select it and choose Properties from the Action menu you can configure the number of ports (i.e. VPN connections) that are available. According to Microsoft, the default is 5; however in my experience you get 128 L2TP ports and 128 PPTP ports! Currently there is limited support for L2TP (most clients will use PPTP) so you could probably drop this number to 0. Adjust the number of PPTP ports as required. You can probably turn off the Demand-dial routing connections option as well. 



--------------------------------------------------------------------------------

Configuring User Accounts
Before a user can make a VPN connection to your server, there is one further change that you need to make, namely granting the user account(s) permission to dial in. Use the Active Directory Users and Computers management console; view the properties of the user account and click on the Dial-in tab. You can then Allow Access under Remote Access Permission (Dial-in or VPN). 


--------------------------------------------------------------------------------

Testing
You can test a VPN connection using a PC connected to the local network. Obviously this does not test the connection from an external network, but it will test whether your server is configured correctly.