Solution Overview
Applies To: Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista
This article describes a solution that uses three features of Windows:
Group Policy (https://go.microsoft.com/fwlink/?linkid=55625).
Group Policy enables administrators to push domain settings to managed computers. As a part of this solution, Group Policy is used to configure a PowerShell script as a logon script that creates a VPN connection. The PowerShell script runs every time the user logs on to the corporate network, and does not require manual intervention by the users. The network administrator defines the configuration, and then pushes them to the users by using Group Policy.
PowerShell scripting (https://go.microsoft.com/fwlink/?linkid=160176).
PowerShell embeds C# code that is run as a part of the script. This article describes a sample PowerShell script that has C# code and calls the RAS API entry points to create and configure VPN connections settings. The input to the PowerShell script is an Extensible Markup Language (XML) file containing the configuration for the VPN connection. As a network administrator, you must customize the XML file for the VPN services in your organization.
Note
PowerShell is included by default in computers that are running Windows Vista and later versions of Windows. It is not included with Windows XP, but can be downloaded and installed from the Microsoft Download Center. For more information, see PowerShell Scripting (https://go.microsoft.com/fwlink/?linkid=160176).
Remote Access Service (RAS) application programming interfaces (APIs) (https://go.microsoft.com/fwlink/?linkid=160178).
The remote access functionality built into Windows is accessible to programs through the RAS API set. This set of functions enables a program to create and configure remote access connections directly, without having to use the graphical Connection Manager interface.
These features are combined in the example documented in this guide to seamlessly configure VPN connection settings and deploy them for use. The solution describes how the Task Scheduler service can be used to configure scripts or run programs whenever a VPN connection is made to the VPN server. This solution can be used on any computer that is running Windows XP or a later version of Windows.
Note
Although this document only describes using the technique to create VPN connections, you could similarly use the RAS APIs in a PowerShell script to create Point-to-Point Protocol over Ethernet (PPPoE) or dial-up connections as well.
Next topic: Solution Architecture