VPN Login vs Windows Login

[Jeff Cooper]

Hi recently setup a vpn to my computer so I could get to it from may
laptop using remote desktop. For the VPN, which is PPTP, I of course
wanted as cryptic a password as possible rather than some simple
password (name of cat, favorite jedi, whatever) which is often used
when logging in locally.

If I change the password in the users tab of the Incoming Connections,
it changes my windows login. If I add a different account to use as
the VPN login, it adds the account to my local login screen.

So, my question is: Is there a way to have a different password for
the VPN login than for the Windows Login (or RD login)? If not, how do
I make an account that does not show up on the local Login Screen
(like administrator, SQLDebugger, etc)?

Thanks,

Jeff

ps- Just as an aside, I went with pptp 'cause L2tp was making my head
hurt. I figured since it's encrypted, and RD is encrypted as well, if
all I use it for is remote desktop it should be secure enough.
Anything blatently stupid about this assumption?

 

[Mike Brannigan [MSFT]]

Jeff,

Your account may only have one password.
As regards hiding an account from the Welcome Screen - either do not use the
Welcome Screen at all or make the registry edits to "hide" the account from
the Welcome Screen, have a look at the following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

 

[Guest]

Jeff,

Be aware that the RDP protocol is vulnerable to man-in-the-middle attacks.
Also, PPTP provides a minimal amount of protection since there is no
authentication of who has the password. L2TP requires a valid cert on the
machine that is trying to connect to the VPN. Unless someone has access to
both your machine and password they will not be able to access the VPN. With
PPTP of anyone discovers your password they can log into the VPN from any
machine the like.

Dan Z, SSCP

 

[Jeff Cooper]

THAT'S what was looking for. I can use one cryptic bizzar
username/login to get into the VPN, then log in to RD with my normal
username.

Thanks!

 

[Jeff Cooper]

Thanks. I'm hoping the PPTP is temporary. I've been looking around for
help with setting up L2TP/IPSec; no luck so far. I know I can use
makecert (I use VS.net) but the documentation is sketchy at best. If
you (or anyone) knows of a site/book whatever where I can get basic
step-by-step instructions for creating certificates for my desktop and
laptop (I guess they can be self-signed since I'm the only one using
them) and getting them set up that would be great.

From what little docs I found, it seems I need to create a certificate
(.cer) file then somehow import that using mmc or something. I ran a
test with makecert and created a .cer file, but what do I do now?
None of the makcert parameters look like indicate"this is the public
key" or "this is the private key" etc, so do I create those? Can I
just import this .cer file onto both machines and use my normal
windows password to access the VPN? If so, do ave to somehow tell
makecert what password I want to use and if not, how does it know it's
right? Just having that certificate file in my posession can't be it,
if it were, anyone who got hold of my computer could just copy the
file off and use it!

Can you tell I'm baffled? Any pointers to any help would be greatly
appreciated.

Thanks,

Jeff