The RASLANNETS parameter is not available in Remote Access Service
(RAS) for Windows NT and Windows NT Advanced Server. Under Microsoft
LAN Manager RAS, RASLANNETS can be used to indicate the LANs (local
area networks) to be made visible to Remote Access clients. There is,
however, a limited workaround available under Windows NT.

RAS has the ability to gateway frames from Remote Access clients onto
LANs that the Remote Access server is running on. This feature is
controlled by the NetBIOS gateway component. In LAN Manager RAS, the
RASLANNETS parameter allows you to specify exactly which networks are
to be made visible to Remote Access clients and which ones are to be
restricted. This is a security feature. For example, in the LANMAN.INI
file under the [REMOTEACCESS] section, you can specify which networks
are available by simply listing their names on the RASLANNETS
statement.

In RAS for Windows NT there is a new parameter that also deals with
this security issue. The new NT Registry entry, NETBIOSGATEWAYENABLED,
allows you to disable or enable the gateway component. If you disable
it, then all access to the LAN is restricted for Remote Access
clients; they are only able to access resources on the Remote Access
server. This parameter is located in the Registry in the following
subkey:

   SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters

A zero (0) means to disable the gateway component and a one (1) means
to enable it.

This setting does not allow you to pick which protocols are enabled;
you can either enable them all or disable them all. A limited
workaround that allows you to get some of the RASLANNETS functionality
in Windows NT follows.

To disable access to a protocol, you can unbind it from the NetBIOS
interface. Because the RAS gateway is a NetBIOS gateway and
communicates via NetBIOS commands, if a particular protocol is
restricted from talking NetBIOS across its top level interface then it
is cut off from the RAS gateway. This results in the gateway not being
able to forward frames from the Remote Access client to the LAN.

To control protocol binding, choose the Network icon in Control Panel.
Choose the Bindings button. The light bulb icon at the left of each
protocol indicates whether it is bound or not. (If the light is
on, the protocol is bound.) For example, to prevent Remote Access
clients from accessing TCP/IP servers on a LAN, select TCP/IP and
choose the Disable button.

The only side effect of this workaround is that it disables the
NetBIOS interface on that protocol for both Remote Access clients and
LAN clients. Users cannot talk to the server using that protocol via
NetBIOS. This only affects NetBIOS applications. It does not affect
LAN Manager servers or workstations running on a Windows NT system.
(LAN Manager running on Windows NT uses the TDI interface to talk to
protocols, not the NetBIOS interface.)