Windows Server

Windows Server 2003 : Configuring IAS for Use with VLANs

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
5/4/2011 6:41:48 PM
Wireless network access can be secured using Wi-Fi Protected Access (WPA) as defined in the IEEE 802.11i standard and/or using IEE 802.1x authentication. (WPA requires 802.1x authentication, but 802.1x can be used without WPA.) To implement WPA, wireless clients and wireless access points must support 802.1x authentication. If a RADIUS server is not used for authentication, 802.1x can be supported by a shared secret. However, a more secure solution is to use a RADIUS server. IAS server supports 802.1x authentication and its configuration is discussed here. Support for WPA and 802.1x is available for Windows clients.

Table 1 describes the support for 802.1x authentication and WPA in Microsoft products.

Table 1. 802.1x and WPA support in Microsoft Products
ProductDetails for 802.1xDetails for WPA
Windows Server 2003Group Policy can be used to configure client settings.Obtain from Microsoft and install the WPA client. Obtain network card driver and firmware updates as necessary.
Windows XPGroup Policy can be used to configure client settings (SP1 and above). A wireless update download is available (see KB article 826942).Windows XP SP1 or later; obtain and install the Windows WPA Client. Obtain network card driver and firmware updates as necessary.
Windows 2000SP3 or later and the Microsoft 802.1x upgrade for Windows 2000 or SP4.Obtain and install a new WPA-compliant configuration tool from the wireless network card adapter.
Pocket PC 2002N/AN/A
IAS ServerWindows Server 2000 with SP4 or later, and Windows Server 2003.N/A
Windows 98, Millennium, and Windows NT 4.0 Workstation802.1x client support available for Microsoft Premier and Alliance support customers only.N/A

Authentication is a major component of secure access to wireless networks. While there are several choices that can be used for authentication, the use of Extensible Authentication Protocol (EAP ) or Protected EAP (PEAP), and the 802.1x authentication process is the best solution. An understanding of the EAP, PEAP, and the 802.1x authentication process is necessary to correctly implement them. Many installations fail simply because of lack of knowledge about these protocols.

1. Understanding EAP and PEAP

The 802.1x IEEE standard for network port authentication defines how EAP can be used for authentication by IEEE 802 devices including wireless access points and Ethernet switches. The standard uses the IETF RFC 2284, PPP Extensible Authentication Protocol (PEAP). Only EAP authentication types are supported. To use 802.1x the following components must support 802.1x and PEAP:

  • Wireless access points (APs)

  • Wireless client

  • RADIUS server

EAP is flexible and extensible, but does not encrypt the authentication channel. Therefore, it might be possible for a malicious user to capture and analyze successful authentication and possibly gain information that might assist in an attack. For example, if password protocols such as the Challenge Handshake Access Protocol (CHAP) that are susceptible to offline password cracking attacks are used, the attacker might be able to crack the password of a valid user. In addition, the attacker might be able to inject packets into the communication and interfere with communications. PPP authentication protocols select authentication methods during link establishment as part of the connection validation. EAP does not use the authentication mechanism during link establishment. Instead, authentication methods (or the choice of an EAP type) are chosen during the connection and authentication phase. However, when EAP is used for 802.1x, communications authentication takes place before packets are encrypted using the Wired Equivalency Privacy (WEP) protocol .

PEAP encrypts the entire communication (including the user authentication process). PEAP uses Transport Layer Security (TLS) to create a secure, encrypted channel. Messages are also checked for integrity. The channel is created before the client is authenticated. When PEAP is used, even those authentication protocols that are susceptible to attacks can be used because the communications channel is encrypted before user authentication takes place. Windows Server 2003, Windows XP SP1 or later, and Microsoft 802.1x Authentication clients support PEAP-MS-CHAP v2 and EAP-TLS as defined in RFC 2716, PPP EAP TLS Authentication Protocol. EAP-TLS is very similar to the protocol used in Secure Sockets Layer (SSL), the protocol used to authenticate and secure communications with e-commerce servers.

When PEAP-MS-CHAP v2 is used, wireless clients do not need certificates, but the IAS server does. If you have implemented a Windows Certificate Authority (CA) based Public-Key Infrastructure (PKI), issue a certificate for the IAS server. However, if you do not already have a PKI, you may use a third-party certificate for the server. The client must have a copy of the root CA certificate for the server's certificate to validate the digital signature of the IAS server certificate. The certificate is used to authenticate the client to server connection, and provide encryption keys for further communications (including the user's MS-CHAP v2 authentication).

When EAP-TLS is used, both clients and servers need certificates. Certificates may be stored on the client computer or on smart cards.

Other 802.1x authentication schemes are Cisco's LEAP (which requires the use of Cisco wireless access points) and EAP-MD5 (which is not recommended for wireless communications).

Third-party components can be used to provide the IAS server with support for PEAP authentication methods such as the use of token cards such as the RSA SecureID. (For more information, see the article Enterprise Deployment of Wireless and Remote Access with RSA Secure ID and Microsoft Internet Authentication Service at:

After authentication, 802.1x generates dynamic encryption keys that are used for WEP encryption. (The keys are frequently changed and distributed to clients.) The use of dynamic keying for WEP mitigates one of the major vulnerabilities of WEP. Because WEP keys can be cracked if enough WEP messages are captured, frequent rekeying can reduce the chance that this will occur.

EAP over RADIUS is not a defined EAP type, but is the method by which EAP messages can be passed by the NAS server to a RADIUS server for authentication. The EAP message is included as a RADIUS attribute part of the RADIUS message. The NAS server does not process the EAP message; the RADIUS server and the origination access client do. After the RADIUS server has processed the EAP message, it returns an EAP message encapsulated in the RADIUS message back to the NAS server. The NAS server returns the EAP message to the client that requested the connection.

2. Understanding the 802.1x Authentication Process

The 802.1x authentication process is also referred to as port authentication . This is because a two-port configuration is used. One port, the uncontrolled port, is used for communications between the wireless access point and the RADIUS server. Client communications are forwarded over this port. No direct communications between the client and the RADIUS server (or any other intranet resource) can use this port. The second port, the controlled port, is available only to authenticated and authorized clients and is used for communications between the client and the intranet over the wireless access point. Communications required to perform client authentication to the RADIUS server are proxied by the access point. The access point is the RADIUS client.

There are three new 802.1x specific definitions:

Port Access Entity (PAE) or LAN port

This supports the 802.1x protocol that is associated with a logical or physical port. The PAE can be either an authenticator or supplicant (or both).


This is a LAN port used to request access to services through the authenticator. In a wireless network, the supplicant is the LAN port on the wireless LAN network adapter.


This is the LAN port on the access point or NAS server that is used for communications with the RADIUS server. In a wireless network the authenticator is the LAN port on the wireless access point. The authenticator does not authenticate the supplicant's request; instead it forwards the supplicant's request to an authentication server (the RADIUS server).

The authenticator has both an uncontrolled port and a controlled port. The uncontrolled port is used for uncontrolled communications between the wireless AP and other devices on the wired network (for example, RADIUS messages). A wireless network client's frames are never forwarded through the uncontrolled port. The controlled port does forward an authenticated wireless client's frames between the client and the wired network. Think of the controlled port as if it was an electrical switch. Until the client has authenticated, the switch is open (no connection exists, electricity cannot flow) and no client communications can be forwarded. After the client has been authenticated, the switch is closed and data can flow between the client and the wired network.

Figure 1 illustrates the controlled and uncontrolled ports on the AP. In the figure, the uncontrolled port is communicating with the RADIUS server to forward the connection request from client 1. The controlled port logical switch is open. Another part of the controlled port is closed to support communications for client 2. Client 2 has already been authenticated.

Figure 1. Uncontrolled and controlled ports

The authentication server is a server that checks the credentials of the supplicator on behalf of the authenticator and returns the results (authenticated or denied) to the authenticator. The authentication server can be a component of the AP, in which case the AP must be configured with the user credentials. In a wireless network, the authentication server is usually a RADIUS server and the wireless AP uses the RADIUS protocol to send and receive connection requests and results with the RADIUS server.

The authentication process follows these steps as illustrated in Figure 2:

  1. The access client uses its wireless network card and sends a connection request to the wireless access point. The connection request includes the user identity.

  2. The wireless access point acts as a RADIUS client and uses the uncontrolled port to forward an Access-Request message, including the user identity to the RADIUS server.

  3. The RADIUS server sends an Access-Request back to the wireless access point requesting the user's credentials (user ID and password).

  4. The wireless access point requests this information from the access client.

  5. The access client provides this information to the wireless access point, which then forwards it to the RADIUS server.

  6. The RADIUS server performs an authentication check against either its local database or AD, depending on how the RADIUS server is configured.

  7. If the user credentials are valid, an Access-Accept message is returned to the wireless access point.

  8. If the user credentials are not valid, the RADIUS server returns an Access-Reject message to the wireless access point.

  9. If the user credentials cannot be verified (a domain controller cannot be located, for example), the connection request is dropped.

  10. If the wireless access point receives an Access-Accept message, the user is allowed to communicate with the intranet using the controlled port of the wireless access point; otherwise, this port remains closed.

Figure 2. The 802.1x authentication process

3. Implementing 802.1x Authentication

To implement 802.1x authentication, three components must be configured:

  • The 802.1x capable wireless access point

  • The IAS server

  • The Windows client

It is also beneficial to create a Windows custom security group whose members are those users who are authorized for wireless access.

To configure the wireless access point, use the manufacturer's instructions.

3.1. Configuring IAS to support 802.1x authentication for wireless clients

To configure IAS to support 802.1X authentication, the wireless access point is added to the RADIUS server as a RADIUS client and a Remote Access policy is created to manage wireless connections. If the RADIUS server does not already have a certificate, one must be obtained and installed before the Remote Access policy can be configured.

3.1.1. Configuring a Remote Access policy for wireless

The Remote Access policy should have the following configuration characteristics:

EAP authentication

The authentication method must be defined for the policy. For wireless access, the first choice made is between PEAP or smart cards. The use of smart cards for wireless access requires the use of an EAP protocol. For wireless access remote access policies, you will always identify a type of EAP authentication.

Ignore dial-up properties attribute

When Remote Access policies are evaluated, the dial-up properties of the user account are considered. If call-back is configured, the wireless access point cannot respond. Therefore, the dial-up properties must be ignored for wireless connections.

Framed MTU attribute

This is used with EAP authentication. This informs the RADIUS server of the maximum transmission unit (MTU) negotiated with the client. (The MTU specifies the largest IP datagram that can be transmitted.) This prevents the RADIUS server from sending EAP messages too large for the client to accept.

Tunnel-Pvt-Group-ID attribute

If a VLAN is used to manage wireless clients, this attribute allows specification of the VLAN ID.

To create the policy, create a new Remote Access policy and then edit the policies profile. Finally, remove the default Remote Access policy, or move it down so the wireless access policy is evaluated first.

To create the policy, begin by opening the IAS console. Right-click Remote Access Policies and then click New Remote Access Policy. Then click Next. Enter a name for the policy (for example, Wireless Access), then click Next. Select Wireless and then click Next. Use the Add button and add the Windows group representing users who are authorized to connect to the wireless network. Then click Next.

In the Authentication Methods window, use the Type drop-down list to select a method. (You can choose between PEAP or smart cards. The instructions that follow are for the PEAP option.) Select Protected EAP (PEAP), as shown in Figure 3.

Figure 3. Select the authentication method

Click the Configure button next to the drop-down list box. Configure Protected EAP Properties, as shown in Figure 4. The server certificate must already be present on the server. If desired, check the Enable Fast Reconnect box. This box allows the server and client to reconnect quickly when a connection is dropped. However, it avoids some security checks and therefore might allow an attacker to successfully hijack a connection between a valid client and the server. For this reason, it is left blank in our example.

Figure 4. Use Add to add PEAP properties

Use the Add button to identify the EAP Type allowed for this connection. Then click OK, followed by Next, and then Finish.

To edit the profile, expand the Remote Access Policies node and double-click on the wireless policy in the detail pane. On the Settings page, click the Edit Profile button to edit the profile. Review the configuration settings and compare them against network requirements (for example, modifying acceptable encryption requirements or adjusting dial-in constraints). Select the Advanced tab, as shown in Figure 5, and click the Add button to add an Attribute.

Figure 5. Edit the profile

Scroll down and select Ignore-User-Dial-In-Properties and then click Add. This property is necessary to prevent the IAS server from processing user properties that the wireless access point won't understand. The primary user property that can cause problems is the Call-Back phone number listed in a user account Dial-In properties page in Active Directory Users and Computers. Click True and then click OK. Repeat this process for other required attributes.

Examples of attributes that may be required are those required for VLANs. If a VLAN is used to manage wireless clients, add the attributes Tunnel Type (select Virtual LAN (VLAN)) and Tunnel-Pvt-Group-ID (add the value of the VLAN ID that contains the certificate server for the wireless clients).

Click Close to return to the Settings page. Click OK twice to close the policy.

3.2. Understanding and fulfilling certificate requirements for EAP and PEAP

Client and server certificates for EAP and PEAP must meet specific requirements. This is true whether the certificate is produced by a Microsoft Windows CA or a third-party CA. The requirements are listed here for reference when planning your IAS/wireless deployment.

Specific certificate requirements for EAP and PEAP are as follows:

  • The client certificate must be issued by a Windows Enterprise CA or be mapped to a user account or computer account in the AD. (An Enterprise CA is integrated with AD and automatically maps its issued certificates to AD accounts.)

  • The user or computer certificate chains to a trusted root CA. (It is issued by the root CA or by a CA in the root CA's hierarchy.)

  • The user or computer certificate on the client includes the Client Authentication purpose.

  • The user or computer certificate does not fail one of the checks performed by CryptoAPI certificate store and passes requirements in the Remote Access policy.

  • The 802.1x client does not use registry-based (stored in the registry) certificates that are smart-card certificates, or that are protected with a password. (Smart-card certificates stored on a smart card can be used.)

  • The Subject Alternative Name extension in the client certificate contains the user principal name (UPN) of the user.

  • When clients use PEAP with EAP-TLS and EAP-TLS authentication, a list of all installed certificates valid for EAP-TLS are display in the Certificates snap-in.

  • The IAS or VPN server certificate must also be configured with the "Server authentication" purpose (a certificates purpose designates how it can be used. The server authentication purpose means the certificate can be used to prove the server is who it claims to be). The object identifier (an number which is used to classify an object) for server authentication is

  • The IAS or VPN server certificate must have the name in the "Subject line" of the certificate that matches the name configured on the client for the connection.

  • For use with wireless clients, the IAS or VPN server certificate must be configured with the Subject Alternative Name extension containing the name of the IAS or VPN server.

3.3. Using a Windows CA server certificate

If a server certificate is required and a Windows Enterprise CA is present to provide certificates for the domain, the Windows Enterprise CA may already have issued a server certificate to the domain member IAS server. Use the Certificates console to verify if this is so. If the CA is not configured to automatically provide server certificates, a certificate can be requested using the Certificates console. Third-party certificates can also be used.

To verify if a computer certificate from an enterprise CA is available, first create a Certificates console for the local computer by adding the Certificates snap-in to an MMC console on the IAS server. When the Certificates snap-in is selected, a prompt for user or computer certificates is offered. Select the "Local computer account (the computer this console is running on)" option, as shown in Figure 6.

Figure 6. Identify the computer whose certificates are to be checked

Check for the existence of a server certificate for this computer. The certificate, if present, is located in the Certificates (Local Computer) → Personal → Certificates node of the Certificates console, as shown in Figure 7.

Figure 7. Check for a server certificate

If a certificate is not present, you must request a computer certificate. To request a certificate, begin by right-clicking the Personal folder of the Certificates console for the IAS server and then click All Tasks. Select Request New Certificate and then click Next. The available certificate types are listed. Select Computer for the Certificate types and then click Next twice. Then click Finish.

Click OK in response to the prompt that the certificate request was successful.

3.4. Using a third-party certificate

By default, Windows wireless clients already store a copy of the root CA certificates of many third-party CAs. Purchase a certificate for the IAS server from one of these CAs, and you will not need to configure the clients to trust the IAS certificate. You may use another third-party CA, but then you must install a copy of the CA's root certificate on every wireless client.

To configure the server by obtaining and installing an IAS/PEAP server certificate from Verisign, follow these steps:

  1. Obtain a certificate from Verisign.

  2. Install the certificate.

  3. If the certificate is automatically installed by the download routine, verify that the certificate is installed.

  4. If a proxy server is used, add the proxy server information using the local security context.

3.4.1. Obtaining and installing a Verisign certificate

This procedure obtains and installs a certificate from Verisign, but an Internet connection is needed from the IAS server (including the ability to run scripts). This additional risk can be avoided by obtaining the certificate using an administrative station (a computer dedicated for this type of administrative task) and then manually moving the certificate from the administrative station to the IAS server.

Log in to the IAS server. Alternatively (and to improve security), you can log on to an administrative machine. Open Internet Explorer. Browse to the Wireless LAN Server Certificates web page. Click the Buy button to open the WLAN Server Enrollment for Microsoft IAS Server page. Choose a validity period of 1 or 2 years. Enter the information requested and be sure to enter your email in the Enter Your Technical Contact Information text box on the page. Read the subscriber agreement. If you agree to the terms, click Accept.

Check your email for a message from Verisign that includes a URL and PIN. If you completed the steps in the previous paragraph from an administrative machine, log on to that machine. If you completed those steps from the IAS server, log on to the IAS server using a local Administrator account. (This account is used by the certificate installation program.)

Open Internet Explorer. Browse to the URL listed in the email message. Enter the PIN from the email message. Click Install. (The certificate is automatically installed if the page is accessed from the IAS server.) If an administrative machine is used, you must install the certificate manually on the IAS server (as detailed in the following section).

Click the Yes button when warned about a potential scripting violation. Use the Certificates console to verify that the certificate is installed.

3.4.2. Manually installing the WLAN certificate

If the IAS certificate is obtained using an administrative station, you must copy the certificate from this computer to the IAS computer and then install it.

Click the Start button, click Run, enter mmc, and then click OK. From the File menu, click Add/Remove Snap-in and click Add. Double-click the Certificates snap in. Select the Local Computer Account and then click Finish. Click Close. Use "File Save as" to name and save the console as Certificates.

In the console, expand the Certificates (Local Computer) node, expand Personal, and click Certificates. Select the certificate that is issued to the name you entered in the certificate enrollment process. From the Action menu, select All Tasks and then click Export.

Click Yes, export the private key, and then click Next. Click "Include all certificates in the certification path if possible" and then click Next. Enter a password to be used to import the certificate on the IAS server. Enter a filename and then click Finish.

Log on with local administrative privileges at the IAS server. Copy the file to the IAS server. Create a certificates console as described at the beginning of this section. In the console, expand the Certificates (Local Computer) node, expand Personal. From the Action menu, select All Tasks, click Import, and then click Next. Enter the name of certificate file (or browse to its location and select it). Enter the password you created earlier and then click Next. Ensure that "Place all certificates in the following store" points to the Personal store, and then click Next, followed by Finished.

3.4.3. Verifying the certificate is installed

If the certificate is obtained from the IAS server, it is automatically installed. Use the Certificates snap-in to verify the certificate is installed. Click the Start button, click Run, enter mmc, and then click OK. From the File menu, click Open. Double-click the Certificates console you saved previously. In the console, expand the Certificates (Local Computer) node, expand Personal, and click Certificates. In the details pane, search for the Versign WLAN server certificate.

3.4.4. Configuring proxy settings

The Verisign certificate revocation list (CRL) source will point to a Verisign server on the Internet. The CRL is necessary to check the certificate validity. If you use a proxy server between clients and the Internet, then you must configure IAS to use the proxy server. To configure proxy settings, use the Internet Explorer Connections page LAN Setting page.

3.5. Configuring the Windows XP wireless client to use 802.1x authentication

Windows XP enables IEEE 802.1x authentication using EAP-TLS authentication by default for LAN-based network adapters. The first step in configuring the XP wireless client is to configure the wireless network adapter. Select Control Panel → Settings → Network Connections → Wireless Network Connection. Click the Advanced button. Click the Add button to add a network. Select the Association tab, and enter the network SSID, as shown in Figure 8.

Figure 8. Add the SSID

Ensure that the "Data encryption (WEP enabled)" checkbox is checked. Select the Authentication tab and ensure that the "Enable IEEE 802.1x authentication for this network" checkbox is selected. Use the "EAP type" drop-down list to select Protected EAP (PEAP) or "Smart Card or other certificate," as shown in Figure 9.

Figure 9. Select the Authentication method

Click the Properties button. If a "Smart Card or other certificate" will be used for client authentication, first ensure that the "Validate server certificate" checkbox is checked. If multiple RADIUS servers are used, enter the portion of the RADIUS server DNS name that is common for all servers in the "Connect only if server name ends with:" box. Select the trusted root certificate in the Trusted root certificate authority drop-down list. The list of available certificates corresponds to the certificates stored in the computer's certificate store. If the username required for authentication is different than the one listed on the client certificate, then select "Use a different user name" for the connection checkbox. When prompted, select the client certificate from those presented.

If PEAP is selected, first ensure that the "Validate server certificate" checkbox is checked. Click the "Connect to these servers" box and enter the name of the RADIUS server. Select the "Trusted root certificate" in the "Trusted root certificate authority" list. The list of available certificates corresponds to the certificates stored in the computer certificate store. Use the Select an Authentication Method drop-down list to select Secured password (EAP MS-CHAPv2), as shown in Figure 10.

Figure 10. If PEAP is used and client certificates are not, select MS-CHAPv2

Click the Configure button to open the EAP MS-CHAPv2 Properties window. Uncheck "Automatically use my Windows logon name and password (and domain if any)." This will require the user to manually enter credentials before connecting using the wireless access. Furthermore, it will prevent connections by unauthorized personnel if the client computer is left unattended while the user is logged on. Click OK as many times as necessary to close the Network Connections property pages.

After a user connects to a wireless network using PEAP, his or her user credentials are stored in the registry and used to reauthenticate to the wireless network even after a reboot. To remove these credentials, use the registry editor and delete the following key (of course, using normal registry editing precautions): HKEY_CURRENT_USER\Software\Microsoft\Eapol\UserEapInfo.

4. Understanding and Using WPA

Wi-Fi Protected Access (WPA) is specified in the IEEE 802.11i wireless networking standard. Table 2 shows WPA specifics.

Table 2. WPA security specifics
Key managementRekeying of both unicast and global encryption keys.
Unicast encryption keyTemporal Key Integrity Protocol (TKIP) is used to change the unicast encryption key for every frame and synchronizes changes between the wireless client and the WAP. TKIP replaces WEP.
Global encryption keyThe wireless AP advertises the changed key to the connected wireless clients.
IntegrityThe Michael method calculates an 8-byte message integrity code (MIC).
Replay protectionA new frame counter in the 802.11 frame is used by MIC to help prevent replay attacks. (If a frame, identified by this counter has already been received, the frame will be dropped.)
EncryptionWPA specifies support for the Advanced Encryption Standard (AES) is optional.
Support for mixed WEP and WPA clientsDuring migration to WPA, a mixed client base of WPA and WEP clients can be supported. The WAP identifies which protocol the client is using. The global encryption key cannot be dynamic because WEP clients cannot support it. Other benefits are maintained (including integrity).

Wireless access points, network adapters, and client programs must support WPA. It may be possible to upgrade wireless access points and network cards via firmware updates provided by their manufacturers. Both access points and network cards must support the new WPA information element. They should be configured for WPA to support WPA two-phase authentication (EAP or RADIUS with 802.1x), TKIP, and Michael. Support for AES is optional.

Windows clients will require an updated network card driver that supports WPA. Windows XP and Windows Server 2003 clients require the driver to be capable of passing the adapter's WPA capabilities and security configuration to the Wireless Zero Configuration Service. In many cases, the updated driver (when installed on the client) will update both firmware and the network card driver.

Windows client software must be updated to permit configuration of WPA authentication, as well as shared key and WPA encryption algorithms (TKIP and optional AES).

Securing wireless access to your networks is a critical step in securing your networks. This section has detailed how to do so using IAS. By now, you can see how complex and detailed IAS configuration can be. No matter how you use IAS, it is extremely important to back up the configuration information so that you can more easily restore remote access operations in the case of server failure or other disaster. The next section applies to all uses of IAS.

Other -----------------
- Windows Server 2003 : Configuring IAS for Use with VLANs
- Windows Server 2003 : Using IAS to Protect the Network from Bad Computers
- Windows Server 2003 : Centralizing Authentication and Authorization with Internet Authentication Server - Configuring IAS as a RADIUS Proxy
- Windows Server 2003 : Centralizing Authentication and Authorization with Internet Authentication Server - Installing and Configuring IAS
- Windows Server 2003 : Centralizing Authentication and Authorization with Internet Authentication Server - The RADIUS Protocol
- Windows Server 2008 R2 : Optimizing Performance by Server Roles
- Windows Server 2008 : Monitoring System Performance (part 2)
- Windows Server 2008 : Monitoring System Performance (part 1) - Key Elements to Monitor for Bottlenecks
- Windows Server 2008 : Using Capacity-Analysis Tools (part 4) - Other Microsoft Assessment and Planning Tools
- Windows Server 2008 : Using Capacity-Analysis Tools (part 3) - Windows Performance Monitor
- Windows Server 2008: Using Capacity-Analysis Tools (part 2) - Network Monitor
- Windows Server 2008: Using Capacity-Analysis Tools (part 1) - Task Manager
- Windows Server 2008: Defining Capacity Analysis
- Windows Server 2008: Performance and Reliability Monitoring (part 3) - Reports
- Windows Server 2008: Performance and Reliability Monitoring (part 2)
- Windows Server 2008: Performance and Reliability Monitoring (part 1)
- Windows Server 2008: Using Event Viewer for Logging and Debugging (part 3) - Conducting Additional Event Viewer Management Tasks
- Windows Server 2008: Using Event Viewer for Logging and Debugging (part 2)
- Windows Server 2008: Using Event Viewer for Logging and Debugging (part 1)
- Windows Server 2008: Using the Task Manager for Logging and Debugging (part 2)
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
programming4us programming4us