© 2024 SkillPoint IT. All rights reserved.
Module 9: Extending Remote Access Capabilities Using IAS (Internet Authentication Service) in Windows Server
Extending remote access capabilities using IAS in Windows Server involves configuring the Internet Authentication Service (now known as NPS) to centralize and enhance user authentication, authorization, and accounting (AAA) for VPN, dial-up, and wireless clients via RADIUS.
Introduction to IAS
What is IAS (Internet Authentication Service)?
IAS is the RADIUS server component of older versions of Windows Server (prior to 2008). It allows you to:
Authenticate remote users and devices
Control access policies
Log and monitor connection requests
In Windows Server 2008 and later, IAS is replaced by Network Policy Server (NPS).
- IAS and RADIUS in a Windows 2018 Network
- List Item #1
- Purpose and Use of IAS
- Dial-up Corporate Access
- Extranet Access for Business Partners
- Internet Access Outsourced Corporate Access
- Through Service Providers
How to Extend Remote Access with IAS (RADIUS Server):
1. Install IAS (on Windows Server 2003/2008)
Go to:
Control Panel → Add/Remove Programs → Windows ComponentsSelect:
Networking Services → Internet Authentication Service
2. Configure RADIUS Clients
Open IAS console
Add VPN server, wireless access point, or router as a RADIUS client
Specify IP address and shared secret
Assign a friendly name
3. Create Remote Access Policies
In IAS, go to:
Remote Access Policies → New PolicyDefine:
Conditions: e.g., user group, NAS type
Permissions: Grant/Deny access
Profile settings: encryption, idle timeout, authentication method
4. Enable Logging and Accounting
Configure IAS logging to track:
Authentication attempts
Connection duration
Rejected requests
Use for auditing and troubleshooting
- Installing an IAS Server
- Dial-up Corporate Access
- Extranet Access for Business Partners
- Internet Access Outsourced Corporate Access
- Through Service Providers
- Configuring an IAS Server
- Configuring a Remote Access Server to Use RADIUS Authentication
- Configuring a Remote Access Server to Use RADIUS Accounting
- Configuring Logs for Accounting Information
- Select Events to Log
- Select Log File Format
- New Log Time Period
- Log File Directory
Lab A: Configuring Internet Authentication Service (IAS) on Windows Server for Secure RADIUS Authentication
Configuring Internet Authentication Service (IAS) in Windows Server allows you to set up a RADIUS server to authenticate remote VPN or wireless users, apply access policies, and log connection details securely using centralized authentication.
Lab Steps – Configuring IAS (Windows Server 2003/2008)
Step 1: Install IAS
Go to
Control Panel → Add/Remove Programs → Windows ComponentsSelect:
Networking Services → Details → Internet Authentication Service
Step 2: Register IAS in Active Directory
Open IAS console:
Start → Administrative Tools → Internet Authentication ServiceRight-click IAS (Local) → Select Register Server in Active Directory
Confirm registration so IAS can read user account info
Step 3: Add a RADIUS Client
In IAS, right-click RADIUS Clients → New RADIUS Client
Provide:
Friendly name (e.g., VPN Server)
IP address of the client device
Shared secret (used to secure RADIUS communication)
Step 4: Configure Remote Access Policy
Navigate to Remote Access Policies → New Policy
Define policy name, then set:
Conditions (e.g., user group, NAS-Port-Type)
Permissions: Grant remote access
Authentication methods: EAP, MS-CHAPv2
Encryption types (optional)
Step 5: Enable Logging and Accounting
Go to IAS Properties → Log File
Enable:
Log authentication requests
Log accounting requests
Set log file path and retention settings
Add comment