Manage User Accounts for Remote VPN Access

You can add, modify, lock, or remove user accounts for Virtual Private Network (VPN) client access. When you create a new system user account, the account is locked. You must reset the password to enable access to the account.

To add a system user account for VPN client access:

  1. Under Administration, click System users.

  2. Click Add user account.

  3. Enter the Account name, First name, and Last name. The account name should contain only lower-case letters, numbers, hyphens, periods, and underscores, and should start with a lower-case letter. For example, "betty", "hjohnson", and "mary-jane" are all valid account names, but "3friends", "John Smith", and "henry:miller" are not.

  4. Set VPN Client Access to Yes.

  5. Click Add.

  6. Click Reset Password and reset the password for the account. By default, passwords must be at least 8 characters. See Password quality requirements.

  7. From the list of users, you can modify or remove a user account (by clicking Modify or Remove next to the user name), or set the user's password. User accounts are locked out and cannot be used until you set the initial password for each account.

Manage Multiple Admin Accounts

You can create additional administrative accounts which have complete Server Manager access. This setting allows multiple users to have administrative access to the server without having to share the primary admin user account password.

The primary system admin account has privileges to create and modify any system account, including password resets of the sub-admin accounts. Additional sub-admins can only modify their own account information and do not have privileges to create additional administrative accounts.

Note:
  • It is strongly recommended that only a single admin user perform any system modification at one time to prevent concurrency issues.

  • Any logs produced by operations that the logged-in user performs are recorded with the user login name for audit trail purposes.

To provide a system user account with Admin access:

  1. Under Administration, click System users.

  2. Click Add user account.

  3. Enter the Account name, First name, and Last name. The account name should contain only lower-case letters, numbers, hyphens, periods, and underscores, and should start with a lower-case letter. For example, "betty", "hjohnson", and "mary-jane" are all valid account names, but "3friends", "John Smith", and "henry:miller" are not.

  4. Set Admin User Access to Yes.

  5. Click Add.

  6. Click Reset Password and reset the password for the account. By default, passwords must be at least 8 characters. See Password quality requirements.

    Note: Only ASCII characters are supported for sub-admin passwords.

  7. From the list of users, you can modify or remove a user account (by clicking Modify or Remove next to the user name), or set the user's password. User accounts are locked out and cannot be used until you set the initial password for each account.

Locking (Disabling) User Accounts

When an account is locked, the user will no longer be able to access server resources such as the VPN. To unlock the user account, reset the password using the Reset password link.

Changing User Passwords

Administrators can change user and/or administrator passwords by using the Reset password link for that user's account on the Users panel. This entry overrides any previous password entered. Passwords can contain any combination of printable characters, including upper- and lowercase letters, numbers, and punctuation marks. By default, passwords must be at least 8 characters. See Password quality requirements.

Note: There is no way to recover a forgotten password for a user. If this occurs, a new password must be set.

Digital Certificates for VPN Connections

For increased security, you can use SSL client certificates to authenticate VPN connections.

To implement this feature for a user, you must download a certificate from MSL, import the certificate to the user's computer, and then set up the user's VPN connection.

Downloading the Certificate from MSL

Use this procedure to download the user's digital certificate from MSL, the certificate authority (CA).

To download a certificate from MSL:

  1. Log in to the server manager remotely from a Windows PC.

  2. In the server manager under Administration, click System Users.

  3. Find an existing user (or set up a new user and reset the password).

  4. Click Download VPN certificate.

  5. Click Save or Save as and save the file to a location on your computer.

Importing the Certificate

Use this procedure to import the user's digital certificate to the user's computer.

Note: The following procedure outlines how to import a certificate to Internet Explorer 9 in a Microsoft Windows environment. For instructions to perform these procedures on a different browser, refer to your product documentation.

To import a certificate to the user's computer:

  1. In Internet Explorer, click Tools > Internet Options.

  2. On the Content tab, click Certificates.

  3. Click Import.

  4. The Certificate Wizard opens. Click Next.

  5. Browse to the location of the stored certificate file.

    Note: The file may not be visible until you specify files with extension .pfx or .p12.

  6. Click Open and then click Next.

  7. In the Password dialog, click Next to continue. Do not enter a password for the private key.

  8. In the Certificate Store dialog, select Automatically select the certificate store based on the certificate type.

  9. Click Next. If Windows prompts you for confirmation to install the certificate, click Yes.

  10. Click Finish to complete the certificate import.

Setting Up the VPN Connection

Use the following procedures to set up a VPN connection on the user's computer:

Windows 7 VPN Setup

Creating the Connection

To create a VPN connection on a Windows 7 computer:

  1. Click Start > Control Panel > Network and Sharing Center.

  2. Click Set up a new connection or network.

  3. In the Connection Option list, select Connect to a Workplace.

  4. Select No, create a new connection if prompted, and then click Next.

  5. Select Use my Internet connection.

  6. Enter the server IP address or host name.

  7. Enter a Destination name for your VPN connection.

  8. Select Don’t connect now; just set it up and then click Next.

  9. Enter your User name. A password is not required if you are using a certificate for authentication.

  10. Click Create and then click Close.

Configuring the Connection

To configure a VPN connection on a Windows 7 computer:

  1. Click Start > Control Panel > Network and Sharing Center.

  2. In the left-hand menu, click Change adapter settings.

  3. Right-click your VPN name and then click Properties.

  4. On the Networking tab, select Internet Protocol Version 4 and then click Properties.

  5. Click Advanced.

  6. Clear the Use default gateway on remote network check box.

  7. Click OK twice to return to the VPN Connection Properties dialog.

  8. On the Security tab, in the Type of VPN list, select Point to Point Tunneling Protocol (PPTP).

  9. Under Authentication, select Use Extensible Authentication Protocol (EAP).

  10. In the EAP list, select Microsoft: Smart Card or other certificate.

  11. Click Properties.

  12. Under “When connecting” select Use a certificate on this computer and then select OK.

  13. Choose whether to validate the server certificate. When selected, Windows prompts users to confirm that they're connecting to the correct server and that the certificate is valid. If you choose to enable validation, clear the Connect to these servers check box.

  14. Click OK until you return to the Control Panel > Network Connections dialog.

  15. Right-click on your VPN name and then click Connect to test the connection.

Windows 10 Setup

To create and configure a VPN connection on a Windows 10 computer:

  1. Click Start > Settings.

  2. Click VPN, and then click Add a VPN connection.

  3. Configure the following:

    • For the VPN Provider, select Windows (built-in).

    • For the Connection name, enter a name of your choice.

    • For the Server name or address, enter the server address.

    • For the VPN type, select Automatic.

    • For the Type of sign-in info, select Certificate.

    Do not enter a Password. Because you are using a certificate for authentication, it is not required.

  4. Select Remember my sign-in info, and then click Save.

  5. Click Connect to test the connection.
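
The certificate import and the Windows 10 connection setup described above can also be scripted with the built-in Windows PowerShell cmdlets. The following is an added example, not part of the original product documentation; the file path, server address, and connection name are placeholder assumptions, and the split-tunneling switch mirrors the "Use default gateway on remote network" step from the Windows 7 procedure.

```powershell
# Added example. All three values are placeholders (assumptions), not product defaults.
$PfxPath        = "$env:USERPROFILE\Downloads\user-vpn.p12"  # file saved via "Download VPN certificate"
$ServerAddress  = 'vpn.example.com'                          # server IP address or host name
$ConnectionName = 'Office VPN'                               # connection name of your choice

# Import into the current user's Personal store. No -Password is supplied because the
# import procedure uses no private-key password. Omitting -Exportable marks the
# private key as non-exportable once it is in the store.
$cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation 'Cert:\CurrentUser\My' |
    Where-Object { $_.HasPrivateKey } |
    Select-Object -First 1

# Stop early if the file did not contain a usable client certificate.
if (-not $cert) { throw "No certificate with a private key was imported from $PfxPath" }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }
'Imported {0} (thumbprint {1}, expires {2:d})' -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter

# The downloaded file carries the private key without password protection, so delete
# the copy on disk now that the key is in the certificate store.
Remove-Item -LiteralPath $PfxPath

# EAP-TLS ("Smart Card or other certificate") with a certificate on this computer
# and server certificate validation enabled.
$eap = New-EapConfiguration -Tls -UserCertificate -VerifyServerIdentity

$vpn = @{
    Name                 = $ConnectionName
    ServerAddress        = $ServerAddress
    TunnelType           = 'Automatic'            # "VPN type: Automatic"
    AuthenticationMethod = 'Eap'                  # certificate sign-in
    EapConfigXmlStream   = $eap.EapConfigXmlStream
    RememberCredential   = $true                  # "Remember my sign-in info"
    SplitTunneling       = $true                  # do not use the remote default gateway
}
Add-VpnConnection @vpn

# Show the resulting settings so they can be compared with the procedure.
Get-VpnConnection -Name $ConnectionName |
    Format-List Name, ServerAddress, TunnelType, AuthenticationMethod, SplitTunneling
```

Run the script in the user's own session so that the certificate and the connection are created in that user's profile.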