Local and Remote Network Connections

Network and Dial-up Connections provides data communications-level access to your network, based on the user name and password credentials that you supply. This access does not imply privilege to use resources on the network. The network authorization process confirms your access rights to any network resource each time that you attempt to access it. For more information about authentication and authorization methods, see Authentication later in this chapter.

After you have connected to your network, access to resources is further controlled by various administrative controls on both your own computer and on the servers you are trying to access. These include File and Printer Sharing, Local Group Policy, and Group Policy through the Active Directory directory service.

The way network authentication credentials are processed depends on whether you use the Log on using dial-up connection option when you log on. The authentication process can be streamlined and made more complete by using this option.

Note

If your computer is connecting to a domain-protected network, you must have a user account on that network before you can be granted access to network resources.

Log On Using Dial-Up Connection

You can connect to your network using a dial-up or VPN connection, and log on to the network simultaneously by using the Log on using dial-up connection option. If your remote access server user name and password are the same as your domain user name and password, which they usually are, then you can provide a single set of credentials, and simultaneously log on to your network and provide information needed to access network resources. This provides maximum network access. Your computer and user accounts are authenticated, applicable computer and user account policies are invoked, and logon scripts are run.

If you do not choose the Log on using dial-up connection option, but log on to the computer and then invoke a connection after logon, you can be connected to the remote network if your credentials are acceptable to the remote access (dial-in) server, but your access to network resources may be limited. Consider the following cases:

In one case, if you logged onto your computer using domain credentials, then these credentials enable access to most network resources. However, your functionality might not be complete because your domain policy settings (such as IPSec policies) were not applied, and domain logon scripts were not run.

In another case, if you logged onto your computer using the account of a local user on the computer, then your logon credentials will not be appropriate for network access, so you will be challenged to provide domain credentials each time you attempt to access a network resource. As before, your access may be further limited by the fact that domain policy settings were not applied and that domain logon scripts were not run.

Note

If you are in a local area network environment, you can also simultaneously log on to your local computer and your network domain by logging on with domain credentials. For more information, see Interactive Logon Process later in this chapter.

Administrative Controls That Affect Network Access

After you have connected to your network, access to network resources such as files and printers might be affected by one or more administrative controls.

File and Printer Sharing is established by each resource, and permissions depend on user name or group membership.

Group Policy enforces specified requirements for your users environments. For example, by using Group Policy, you can enforce local and domain security options, specify logon and logoff scripts, and redirect user folder storage to a network location. Local Group Policy can be applied at the local computer or workgroup level. In the domain environment, Local Group Policy, and Group Policy can be applied by means of Active Directory.

For more information about Group Policy in Windows 2000, see Security in this book.