Information Technology Reference
In-Depth Information
How It Works
As with Dynamic Host Configuration Protocol (DHCP) and Remote Access Service (RAS) servers,
you need to authorize an IAS server in Active Directory before it will be able to accept incoming
connections. This feature was added to Active Directory networks as a way to protect against
rogue
servers; that is, servers that may have been installed by illegitimate or malicious users to
steal data or stage denial-of-service attacks against your network.
Registering an IAS server within your current domain is a simple matter; just right-click
the server node in the IAS MMC snap-in and select Register Server in Active Directory. (There
is also a command-line option in
netsh
.)
Another option is to add the IAS server's computer account to the RAS and IAS Servers
security group in the appropriate Active Directory domain. If you need to authorize the server
in a remote Active Directory domain, you have two options:
Add the computer account to the RAS and IAS Servers group in the remote domain.
Mod fy the
netsh
syntax as follows:
netsh add registeredserver
RemoteDomainName
ServerName
RAS and IAS do not have a Windows Management Instrumentation (WMI) provider
specifically, but you can execute
netsh
commands via the Windows Scripting Host (WSH)
Exec()
method.
See Also
Microsoft TechNet: “Running Programs from WSH Scripts” (
http://www.microsoft.com/
technet/community/columns/scripts/sg1002.mspx
)
6-2. Starting and Stopping IAS
Problem
You want to start or stop the IAS service on a local or remote computer.
Solution
Using a Graphical User Interface
1.
Open the Services MMC snap-in. Scroll down to the Internet Authentication Service entry.
2.
Right-click the entry and select one of the following:
Stop to stop IAS
Start to start IAS
Restart to restart IAS
