Networking keys
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Networking keys
You can change how Connection Manager handles networking. To do this, you need to edit the service (.cms) file. The table in this topic covers the key names and values that pertain to the networking sections of the .cms file. This topic also describes the formats and conventions you should use in the .cms file.
Formats and conventions
Connection Manager creates service (.cms) files, which use the same format as Windows initialization (.ini) files and information (.inf) files. These files have several things in common:
Each file is divided into sections, with specific entries, called keys, assigned to the sections. A section heading is enclosed within brackets ([ ]). For example, [Strings] is a section containing text strings for messages. The keys for a section are not enclosed within brackets.
Each value specified for a numeric key must be an integer. Any noninteger value is truncated to an integer or ignored as invalid data. For example, 1.1 is truncated to 1 or ignored.
The order in which sections appear is not important; a particular section can be placed anywhere in the file.
Each comment in the file begins with a semicolon (;).
For more information on these formats and conventions, see the Microsoft Platform Software Development Kit (SDK) at the Microsoft Web site.
Table of networking keys
The following table shows the valid keys for networking in the .cms file, the function and use of each key, and where each key can be set. You can set different keys in the Connection Manager Administration Kit (CMAK) wizard or the .cms file. If you change the .cms file with a text editor, rather than by using the Advanced Customization pane of the CMAK wizard, you must rebuild the profile afterward with the CMAK wizard.
Notes
In the following table, keys controlled by specific panes of the CMAK wizard are identified in the Set in column as CMAK. Although these keys appear in the .cms file, you should use the CMAK wizard to update these keys. If you change these keys by editing the .cms file, the CMAK wizard might overwrite them if you run it again on the same profile. Keys set in the Advanced Customization pane of the CMAK wizard are identified as .cms or .cmp, as appropriate.
Make sure that locations are specified either as the full path or in reference to the location of the .cmp file.
| [Section] or key | Value | Set in |
|---|---|---|
[Server&TunnelDUN] |
Configuration to be used for all VPN connections. In this section title, TunnelDUN is the value of the TunnelDUN key in the [Connection Manager] section, for example, [Server&Awesome1 Tunnel]. This section uses the same format as the [Server&EntryName] section, including all keys valid under that section. |
CMAK .cms |
[Server&EntryName] |
Configuration where EntryName is the name of the dial-up entry, for example, [Server&Awesome1]. |
CMAK |
SecureLocalFiles |
For Windows NT, Windows 2000, Windows XP, and the Windows Server 2003 family only. Whether to share local files and allow printer sharing. If the value of the key is set to 1, it will disable NetBT on Windows 2000, Windows XP, and the Windows Server 2003 family. This key value will be ignored on Windows XP and the Windows Server 2003 family if a value is assigned to the SecureClientForMSNet key, the SecureFileAndPrint key, or both. 0 (default) = Share local files. 1 = Do not share local files. |
CMAK |
SecureClientForMSNet |
For Windows XP and Windows Server 2003 family only. Whether to allow the use of NetBT. If this key is set, the value of the SecureLocalFiles key will be ignored on Windows XP and the Windows Server 2003 family. 0 (default) = Allow the use of NetBT. 1 = Do not allow the use of NetBT. |
.cms |
SecureFileAndPrint |
For Windows XP and Windows Server 2003 family only. Whether to enable file and print sharing. If this key is set, the value of the SecureLocalFiles key will be ignored on Windows XP and the Windows Server 2003 family. 0 (default) = Enable. 1 = Disable. Files and print resources will not be shared. |
.cms |
DataEncrypt |
Whether to force data encryption. On Windows 2000, Windows XP, and Windows Server 2003 family, if the EncryptionType key is set, the value of the DataEncrypt key is ignored. 0 (default for dial-up entries) = Do not encrypt data. 1 (default for VPN entries) = Encrypt data. |
CMAK |
EncryptionType |
Which encryption level is to be used. 0 = None. 1 (default for VPN) = Require. 3 (default for dial-up) = Optional. Valid only for Windows 2000, Windows XP, and the Windows Server 2003 family. |
CMAK |
DontNegotiateMultilink |
For Windows XP and Windows Server 2003 family only. Whether to allow multilinking. 0 (default) = Allow multilink. 1 = Do not allow multilink. |
.cms |
DontUseRasCredentials |
For Windows XP and Windows Server 2003 family only. Whether to cache the user's credentials in Stored User Names and Passwords for use when accessing resources after logging onto the network. 0 (default) = Cache and use credentials. 1 = Do not cache and use credentials. |
.cms |
NetworkLogon |
Whether to log on to the network. 0 = Do not log on. This is the default for dial-up connections. 1 = Log on. This is the default for VPN connections. |
CMAK |
SW_Compress |
Whether to negotiate PPP software compression of data. 0 = Do not negotiate. 1 (default) = Negotiate. |
.cms |
Disable_LCP |
Whether to enable Link Control Protocol (LCP) extensions. 0 (default) = Enable. 1 = Disable. |
.cms |
PW_Encrypt |
Whether to encrypt a password when authenticating. 0 (default) = Do not encrypt. 1 = Encrypt. |
CMAK |
PW_EncryptMS |
Whether to require MS-CHAP version 1 for this connection. 0 = Do not require MS-CHAP v1. 1 = Require MS-CHAP v1. |
CMAK |
Negotiate_TCP/IP |
Whether to negotiate TCP/IP. 0 = Do not negotiate. 1 (default) = Negotiate. |
.cms |
Negotiate_IPX |
Whether to negotiate the IPX protocol. 0 (default) = Do not negotiate. 1 = Negotiate. The IPX/SPX protocol is not available on Windows XP 64-bit Edition (Itanium) and the 64-bit versions of the Windows Server 2003 family. |
.cms |
Negotiate_NetBEUI |
Whether to negotiate the NetBIOS extended user interface (NetBEUI) protocol. 0 (default) = Do not negotiate. 1 = Negotiate |
.cms |
Require_PAP |
Whether Password Authentication Protocol (PAP) is allowed. 0 (default) = Not allowed. 1 = Allowed. Valid only for Windows 2000, Windows XP, and the Windows Server 2003 family. |
CMAK |
Require_SPAP |
Whether SPAP is allowed. 0 (default) = Not allowed. 1 = Allowed. Valid only for Windows 2000, Windows XP, and the Windows Server 2003 family. |
CMAK |
Require_EAP |
Whether Extensible Authentication Protocol (EAP) is allowed. Valid only for Windows 2000, Windows XP, and the Windows Server 2003 family. 0 (default) = Not allowed. 1 = allowed. |
CMAK |
Require_CHAP |
Whether Challenge Handshake Authentication Protocol (CHAP) is allowed. 0 = Not allowed. 1 (default) = Allowed. Valid only for Windows 2000, Windows XP, and the Windows Server 2003 family. |
CMAK |
Require_MSCHAP |
Whether MSCHAP is allowed. 0 = Not allowed. 1 (default) = Allowed. Valid only for Windows 2000, Windows XP, and the Windows Server 2003 family. |
CMAK |
Require_MSCHAP2 |
Whether MSCHAP2 is allowed. 0 = Not allowed. 1 (default) = Allowed. Valid only for Windows 2000, Windows XP, and the Windows Server 2003 family. |
CMAK |
Require_W95MSCHAP |
Whether W95MSCHAP is allowed. If the value for this key is set to 1, the value for Require_MS-CHAP must also be set to 1. 0 (default) = Not allowed. 1 = Allowed. Valid only for Windows 2000, Windows XP, and the Windows Server 2003 family. |
.cms |
Custom_Security |
Applies specific security settings on computers that are running Windows 2000, Windows XP, or a member of the Windows Server 2003 family. 0 = Use standard configuration. 1 (default) = Use custom configuration. Valid only for Windows 2000, Windows XP, and the Windows Server 2003 family. |
CMAK |
CustomAuthKey |
The ID of the Extensible Authentication Protocol (EAP) to be used with this connection. The format is CustAuthKey=ID, where ID is the Internet Assigned Numbers Authority (IANA) ID for the EAP. If no ID is specified, no attempt will be made to read the CustomAuthData value. Valid only for Windows 2000, Windows XP, and the Windows Server 2003 family. |
CMAK |
CustomAuthData# |
The configuration data for the EAP. The format is CustomAuthData#=EAPConfigurationData, where # is the number of the specific line of data, for example: CustomAuthData0=1AFGKLMOFGH23K Each line can contain a maximum of 128 characters. If the ID has more than 128 characters, it must be specified as multiple lines, incrementing the # for each line of data. For example: CustomAutData0=First128Characters CustomAuthData1=Next128Characters CustomAuthData2=FinalCharacters Valid only for Windows 2000, Windows XP, and the Windows Server 2003 family. |
CMAK |
EnforceCustomSecurity |
Whether to enforce the user to select a phone book entry that includes support for advanced security settings. 0 (default) = Do not enforce phone book entry selection (Windows 95, Windows 98, Windows NT 4.0, and Windows Millennium Edition only). 1 = Enforce selection of phone book entries that support advanced security settings. |
CMAK |
DisableNbtOverIP |
Whether to disable the NetBT routing protocol for this connection. 0 (default) = Do not disable NetBT. 1 = Leave NetBT enabled. |
.cms |
[TCP/IP&TunnelDUN] |
TCP/IP configuration to be used for all VPN connections. In this section title, TunnelDUN is the value of the TunnelDUN key in the [Connection Manager] section, for example, [TCP/IP&Awesome1 Tunnel]. This section uses the same format as the [TCP/IP&EntryName] section, including all keys valid under that section. This section is created by the CMAK wizard, but the keys can be edited in the .cms file. |
CMAK .cms |
[TCP/IP&EntryName] |
Configuration where EntryName is the name of the dial-up entry, for example: [TCP/IP&Awesome1] |
CMAK .cms |
Specify_IP_Address |
Whether to specify a static IP address. 0 (default) = Do not specify. 1 = Specify. |
.cms |
IP_Address |
Static IP addresses. |
.cms |
Specify_Server_Address |
Whether to specify static DNS or Windows Internet Name Service (WINS) addresses. 0 (default) = Do not specify. 1 = Specify. |
CMAK |
DNS_Address |
DNS address. |
CMAK |
DNS_Alt_Address |
Alternate DNS address. |
CMAK |
WINS_Address |
WINS address. |
CMAK |
WINS_Alt_Address |
Alternate WINS address. |
CMAK |
IP_Header_Compress |
Whether to enable IP header compression. 0 = Not enabled. 1 (default) = Enabled. |
CMAK |
Gateway_On_Remote |
Whether to use the default gateway on the remote private network. 0 = Do not use. 1 (default) = Use. |
CMAK |
DNSSuffix |
DNS suffix to use for the connection. Valid only for Windows XP and Windows Server 2003 family. |
.cms |
TcpWindowSize |
For Windows 2000, Windows XP, and the Windows Server 2003 family only. Sets the size (expressed in bytes) of the window offered by the connection. Number of bytes of information to send before expecting a return packet. Minimum value is 4,096; maximum value is 65,500. If this key is not set, the default window size for the operating system and the connection type will be used. |
.cms |
[Networking&TunnelDUN] |
The single configuration to be used for all VPN connections. In this section title, TunnelDUN is the value of the TunnelDUN key in the [Connection Manager] section, for example, [Networking&Awesome1 Tunnel]. |
CMAK |
VpnStrategy |
Which tunneling protocol to use when establishing a VPN connection. 1 = Use PPTP only. 2 = Try PPTP first. 3 = Use L2TP only. 4 = Try L2TP first. Valid only for Windows 2000, Windows XP, and the Windows Server 2003 family. |
CMAK |
UsePreSharedKey |
Windows 2000, Windows XP, and the Windows Server 2003 family only. Whether to use a pre-shared key for L2TP/IPSec authentication. 0 (default) = Do not use a pre-shared key. 1 = Use a pre-shared key. |
CMAK |
VPNEntry |
Specifies to CMAK whether the entry is a VPN entry and not a dial-up entry. 0 = Dial-up entry. 1 = VPN entry. |
CMAK |
[Scripting&EntryName] |
Location (path and file name) of the script (.scp) file, where EntryName is the name of the dial-up entry, for example: [Scripting&Awesome1]). |
CMAK |
Name |
Location (including path and file name) of the script (.scp) file for the dial-up entry. |
CMAK |
UseTerminalWindow |
For Windows 2000, Windows XP, and the Windows Server 2003 family only. Whether to use a terminal window when connecting to a service. 0 (default) = Do not use a terminal window. 1 = Use a terminal window. |
.cms |