User-defined registry entries for PPTP in Windows XP Service Pack 2 (883354)


The information in this article applies to:

  • Microsoft Windows XP Home Edition Service Pack 2 (SP2)
  • Microsoft Windows XP Professional Service Pack 2 (SP2)
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

INTRODUCTION

This article contains a list of the user-defined registry entries for Point-to-Point Tunneling Protocol (PPTP). It also includes descriptions of these entries and of their associated values.

The Windows PPTP server is subject to a denial of service attack through the PPTP control channel. You can use user-defined registry entries for PPTP to let only specified IP addresses access your machine.

MORE INFORMATION

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

The PPTP registry entries are located in one of the following registry subkeys. In this list, <number> is a placeholder for a number from 0001 to 0020.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\<number>

The subkey that contains the PPTP registry entries is the subkey that contains the DriverDesc REG_SZ entry that has the WAN Miniport (PPTP) data value. To locate the DriverDesc REG_SZ entry, click each <number> subkey, and then look for WAN Miniport (PPTP) in the Data column. You can also click Find on the Edit menu in Registry Editor and then search for WAN Miniport (PPTP).

By default, the following PPTP registry entries are created:
  • AuthenticateIncomingCalls
    • Data type = REG_DWORD
    • Default value = 0
    • Value range = 0 or 1
    To force the PPTP protocol to accept calls only from IP addresses that are listed in the ClientIpAddresses registry entry, set the AuthenticateIncomingCalls value to 1. If the AuthenticateIncomingCalls value is set to 1 and if no addresses are listed in the ClientIpAddresses registry entry, no clients can connect.
  • ClientIpAddresses
    • Data type = REG_MULTI_SZ
    • Value range = The format is a valid IP address (xx.xx.xx.xx).
  • ClientIpMasks
    • Data type = REG_MULTI_SZ
    • Value range = The format is a valid IP address mask (xx.xx.xx.xx).
    The ClientIpAddresses registry entry and the ClientIpMasks registry entry must have one-to-one mapping between them.

    The server accepts PPTP calls from a client only if the client's IP address appears in the list of IP addresses that is included in this registry entry. This registry entry is relevant only if the AuthenticateIncomingCalls registry value is set to 1.
Modification Type:MajorLast Reviewed:1/4/2005
Keywords:kbhowto KB883354
©2004 Microsoft Corporation. All rights reserved.