Connection Manager Tools and Settings

Article
10/08/2009

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Connection Manager Tools and Settings

In this section

Connection Manager Tools
Connection Manager Predefined Custom Actions
Connection Manager Keys and Values
Connection Manager Registry Entries
Network Ports Used by Connection Manager
Related Information

This section contains information about the tools, predefined custom actions, keys and values, registry entries, and ports that are associated with Connection Manager. One of the tools for Connection Manager, the Connection Manager Administration Kit, includes several predefined custom actions. Predefined custom actions are executables that require minimal configuration from the administrator to perform common connection tasks, such as automatically downloading phone book updates. In addition to configuring predefined custom actions, administrators can configure hundreds of individual settings, called keys, to precisely control individual aspects of a Connection Manager service profile.

Connection Manager Tools

The following tools are associated with Connection Manager.

Cmak.exe: Connection Manager Administration Kit

Version compatibility

Connection Manager Administration Kit 1.3 is available as part of the Management and Monitoring Tools in Microsoft Windows Server 2003. It is compatible with Windows Server 2003 and with Microsoft Windows XP Professional if the Windows Server 2003 Administration Tools Pack is installed.

The Connection Manager Administration Kit wizard guides administrators through building service profiles that meet their networking needs. Administrators can configure predefined custom actions, define and include their own, or both. Administrators can customize most elements of a service profile, from graphics to authentication protocols. At the end of the wizard, the service profile is created and compressed into a self-installing, self-extracting executable that administrators can easily distribute.

For more information about the Connection Manager Administration Kit, see Connection Manager Administration Kit.

Pbserver.dll: Phone Book Service

Version compatibility

Phone Book Service is available as part of the Management and Monitoring Tools in Windows Server 2003. It is compatible with Windows Server 2003.

Phone Book Service (PBS) is an Internet Information Services (IIS) extension. When a service profile that is configured to check for phone book updates establishes a connection, the service profile queries the PBS server for a phone book update. PBS compares the version of the phone book that the service profile is using with the most recent files in the phone book database and then sends any updates to the service profile.

Pbadmin.exe: Phone Book Administrator

Version compatibility

Phone Book Administrator 1.2 is a Valueadd tool for Windows Server 2003 and Windows XP Professional. It is compatible with Windows Server 2003 and with Windows XP Professional.

Phone Book Administrator is a tool to create and maintain phone book files for use with Connection Manager service profiles. Each phone book is a collection of points of presence (POPs). Each POP provides a local access number, including connection settings, for a specific region within a country or dependency. PBA compresses phone books into .cab files and posts the files to the PBS server using File Transfer Protocol (FTP).

Connection Manager Predefined Custom Actions

The following predefined custom actions are included with Connection Manager Administration Kit.

Cmdl32.exe: Automatic Phone Book Download

Custom Action Type

Post-connect

Purpose

Automatically check for phone book updates; download and install updates as necessary.

Configuration

In the CMAK wizard, on the Phone Book page, select the Automatically download phone book updates check box, specify the URL for the PBS server in Connection Point Services server, and specify the name of phone book in Phone Book Name.

Associated keys:

PBFile
RegionFile
PBURL

For more information about automatic phone book downloads, see Providing phone book support. For more information about Connection Manager keys, see “Connection Manager Keys and Values" later in this section.

Cmproxy.dll: Automatic Proxy Configuration

Custom Action Type

Post-connect (configure user proxy settings); Disconnect (restore user proxy settings)

Purpose

Ensure that the user has appropriate access to internal and external resources by reconfiguring user proxy settings while the remote computer is connected to the organizational network.

Configuration

In the CMAK wizard, click Automatically configure proxy settings, specify the proxy file in Proxy settings file, and optionally select the Restore the users’ previous proxy settings after disconnecting check box.

Associated keys: none

To use automatic proxy configuration, administrators must include proxy settings files in plain text with the service profiles. The following table describes the syntax elements of a proxy setting file:

Key	Value
[Automatic Proxy]	No value. Section header for automatic proxy settings.
[Manual Proxy]	No value. Section header for manual proxy settings.
AutoProxyEnable	0 = Automatic proxy detection is disabled. 1 = Automatic proxy detection is enabled. Note: This feature is not supported for Internet Explorer 4 and earlier.
AutoConfigScriptEnable	0 = Automatic proxy script will not be executed. 1 = Automatic proxy script will be executed.
AutoConfigScript	The URL that points to the automatic proxy script.
ProxyEnable	0 = Manual proxy detection is disabled. 1 = Manual proxy detection is enabled.
ProxyServer	The name and the port of the proxy server.
ProxyOverride	The Domain Name System (DNS) addresses, separated by semi-colons, that should not be passed on to the proxy server. Use the <local> value to bypass the proxy server for local addresses. If the <local> value is included, it must be the final value in the string.

For more information about automatic proxy configuration, see Using automatic proxy configuration.

Cmroute.dll: Routing Table Updates

Custom Action Type

Post-connect

Purpose

To manage network traffic and security by reconfiguring user routing tables while the remote computer is connected to the organization network.

Configuration

In the CMAK wizard, on the Routing Table Update page, click Define a routing table update, specify the route file in Route file to include, optionally specify the URL for an updated route file in URL to route file, and optionally select the If this URL is unavailable, disconnect the client check box.

Associated keys: none

To use routing table updates, administrators must include routing table update files in plain text with the service profiles. Each line in those files adds or deletes a route. The syntax of each line is as follows:

Command DestinationMASKNetmask GatewayMETRICMetric IFInterface

Certain parameters can contain the value of default. In those cases, the appropriate information from the client computer is used. The following table provides more information on each parameter.

Parameter	Description
Command	Specifies whether to add or delete a route. ADD adds a route. DELETE deletes a route.
Destination	Specifies the destination IP address on the target network.
MASK	Specifies that the next parameter is the netmask value.
Netmask	Specifies the netmask.
Gateway	Specifies the gateway. Should contain the value of default.
METRIC	Specifies that the next parameter is the cost for the destination. The METRIC parameter is optional. If METRIC is not included, do not include Metric.
Metric	Specifies the cost for the destination. Should contain the value of default; its default value is 1.
IF	Specifies that the next parameter is the interface number.
Interface	Specifies the interface number. Should contain almost always contain the value of default.

To remove the default gateway, you can add the following line to the update file:

REMOVE_GATEWAY

Unlike the ADD and DELETE commands, the REMOVE_GATEWAY command requires no further syntax.

Routing table precedence

During the connection process, update files are applied in a specific sequence.

All update files are retrieved.
If a service profile contains an update file (static file), routing information from that file is applied to the client computer first.
If a service profile contains an update URL, routing information from that file (dynamic file) is applied to the client computer after the static file. The downloaded dynamic file is then immediately deleted.
If either the static file or the dynamic file contains the REMOVE_GATEWAY command, this command is run after all other routes have been applied.

Because of this order of precedence, a dynamic file could add routes, replace routes specified in the static file, or both.

If you use the default interface value, the routing changes that you specify are reversed when the user disconnects.

For more information about routing table updates, see Including routing table updates.

Cmdl32.exe /VPN: Download Update for VPN File

Custom Action Type

Post-connect

Purpose

Allows the automatic downloading of an updated VPN file from a specified server. For service profiles that support VPN files, this file is used to update the list of servers available on the VPN tab in the properties dialog box for the service profile. Users can choose a VPN server from the list to use for the connection. This tab also contains a customizable text message.

Configuration

In the CMAK wizard, on the VPN Support page, select the Phone book from this profile check box, click Allow the user to choose a VPN server before connecting, and specify a VPN file.

Associated keys:

TunnelFile
TunnelDUN

To enable users to choose a VPN server from a list when they connect to the network, administrators must include a VPN file in plain text with the service profile. The following table identifies sections, keys, and values that compose a VPN file.

[Section] or key name	Value
[Settings]	Section header for the keys that contain VPN settings.
Default	The friendly name of the default VPN server for this service profile. If you create this key but do not give it a value or if you do not create this key, the user must select a VPN server the first time the user connects using the service profile.
UpdateURL	The URL of the Web server that contains updates for this VPN file. If this key is added, a post-connect action is added automatically to the service profile. This post-connect action updates the VPN file.
Message	The text that appears on the VPN tab in the properties dialog box for the service profile. This message cannot exceed 256 characters, and it must be a single paragraph. If this key is created but left blank, default text is used.
[VPN Servers]	Section header for the keys that identify VPN servers.
FriendlyName	The name of this key is the friendly name of one of the VPN servers available to your users. The value of this key is the DNS or IP address of the VPN server for which you named the key. If you want this VPN server to use a specific set of network and security settings, you must follow the DNS address with a comma and the name of a VPN entry that you will edit in the VPN Entries page of the CMAK wizard. If you do not specify a VPN entry, the VPN server will use the settings for the default VPN entry.

For more information about user choice of VPN servers, see Implementing VPN support.

Connection Manager Keys and Values

The following keys and values are associated with Connection Manager. The online Help for the Connection Manager Administration Kit includes tables of all keys, settings, and values for Connection Manager, sorted by section header types as they are found in .cms files. The tables below are sorted by usage type. For more information about keys and values, see Advanced Customization.

Connection Manager Section Headings

These section headers define the keys that are contained within the sections.

[Section]	Value	Set in
[Animated Actions]	Specifies the keys that control when to play segments of the animation.	CMAK .cms
[Animated Logo]	Specifies the animation for the Connection Manager logon dialog box. The [Animated Logo] section specifies the location of the animation (.spl or .swf) file. This function is provided for compatibility with Connection Manager 1.0, which supports Macromedia Flash animation files. The AnimatedLogo key in the [Connection Manager] section determines whether an animation is used.	.cms
[Auto Applications]	Specifies monitored actions that run during a connection. Monitored actions are similar to custom actions, but they cause the disconnect sequence to start as soon as the last monitored application closes. This section uses the following keys: #, #&Flags, and #&Description. Unlike other custom actions, monitored actions do not support DLLs.	CMAK .cms
[Connect Actions]	Specifies the post-connect actions that run after a connection is established and, for VPN connections, after the tunnel is established. This section uses the following keys: #, #&Flags, and #&Description.	CMAK .cms
[Connection Manager]	Specifies miscellaneous service profile keys and values.	CMAK .cms .cmp
[CustomButton Actions]	Specifies the keys that control what programs start when the custom button is clicked. The format of the value is # = Program, where # is an ID number from 0 to n and Program is the complete name of the program, including the extension and the path to the program. Programs start in sequence: 0 first, 1 next, and so on. Custom button programs cannot be DLLs.	CMAK .cms
[Disconnect Actions]	Specifies the disconnect actions that run immediately before disconnecting. If a connection is prematurely dropped, these actions are run immediately after the disconnect. This section uses the following keys: #, #&Flags, and #&Description.	CMAK .cms
[Logging]	Specifies the logging keys.	.cms
[Menu Options]	Specifies the keys that control the shortcut menu that appears when a user right-clicks the notification area shortcut for your service profile.	CMAK .cms
[Networking&TunnelDUN]	Specifies the configuration to be used for all VPN connections. In this section title, TunnelDUN is the value of the TunnelDUN key in the [Connection Manager] section.	CMAK
[On-Cancel Actions]	Specifies the on-cancel actions that run when the user cancels a session after starting the connection attempt (any time that the user clicks Connect and then clicks Cancel). This section uses the following keys: #, #&Flags, and #&Description.	CMAK .cms
[On-Error Actions]	Specifies the on-error actions that run when an error occurs. This section uses the following keys: #, #&Flags, and #&Description.	CMAK .cms
[Pre-Connect Actions]	Specifies the pre-connect actions that run before a connection is established. This section uses the following keys: #, #&Flags, and #&Description.	CMAK .cms
[Pre-Dial Actions]	Specifies the pre-dial actions that run immediately before dialing. This section uses the following keys: #, #&Flags, and #&Description.	CMAK .cms
[Pre-Init Actions]	Specifies the pre-init actions that run as soon as the user accesses the profile. This section uses the following keys: #, #&Flags, and #&Description.	CMAK .cms
[Pre-Tunnel Actions]	Specifies the pre-tunnel actions that run after a connection is established but before a VPN connection is established. This section uses the following keys: #, #&Flags, and #&Description.	CMAK .cms
[Profile Format]	Specifies the service profile version.	CMAK .cms .cmp
[Scripting&EntryName]	Specifies the location (path and file name) of the script (.scp) file, where EntryName is the name of the dial-up entry.	CMAK
[Server&EntryName]	Specifies the configuration where EntryName is the name of the dial-up entry.	CMAK
[Server&TunnelDUN]	Specifies the configuration to be used for all VPN connections. In this section title, TunnelDUN is the value of the TunnelDUN key in the [Connection Manager] section. This section uses the same format as the [Server&EntryName] section, including all keys valid under that section.	CMAK .cms
[TCP/IP&EntryName]	Specifies the configuration where EntryName is the name of the dial-up entry.	CMAK .cms
[TCP/IP&TunnelDUN]	Specifies the TCP/IP configuration to be used for all VPN connections. In this section title, TunnelDUN is the value of the TunnelDUN key in the [Connection Manager] section. This section uses the same format as the [TCP/IP&EntryName] section, including all keys valid under that section. This section is created by the CMAK wizard, but the keys can be edited in the .cms file.	CMAK .cms

Keys that Control the Connection Manager User Interface

These keys control the appearance of the Connection Manager service profile.

Key	Description and values	Set in	Section
#	Controls what programs start when the custom button is clicked. The format of the value is # = Program, where # is an ID number from 0 to n and Program is the complete name of the program, including the extension and the path to the program. Programs start in sequence: 0 first, 1 next, and so on. Custom button programs cannot be DLLs.	CMAK .cms	[CustomButton Actions]
AnimatedLogo	Specifies whether an animation is used instead of a static bitmap in the Connection Manager logon dialog box. 0 (default) = Do not use animated graphic. 1 = Use animated graphic. The [Animated Logo] section specifies the location of the animation (.spl or .swf) file. This function is provided for compatibility with Connection Manager 1.0, which supports Macromedia Flash animation files.	CMAK .cms	[Connection Manager]
Authenticating	Specifies the starting frame number of the animation that plays during user authentication.	.cms	[Animated Actions]
Connected	Specifies the starting frame number of the animation that plays when a connection is established.	.cms	[Animated Actions]
CustomButtonText	Specifies the text that appears on a custom button on the Connection Manager logon dialog box. Custom buttons do not appear or function when a user uses a service profile to log on to Windows.	.cms	[Connection Manager]
CustomButtonToolTip	Specifies the text that appears on a ToolTip for a custom button on the Connection Manager logon dialog box. Custom buttons do not appear or function when a user uses a service profile to log on to Windows.	.cms	[Connection Manager]
DialAutoMessage	Specifies the text that appears when the Dial Automatically check box has been selected.	.cms	[Connection Manager]
Dialing0	Specifies the starting frame number of the animation that plays while the primary phone number is dialed.	.cms	[Animated Actions]
Dialing1	Specifies the starting frame number of the animation that plays while the backup phone number is dialed.	.cms	[Animated Actions]
DisableICS	Specifies whether to prevent the user from sharing the connection with Internet Connection Sharing (ICS). 0 (default) = Do not suppress ICS settings. 1 = Disable ICS for this connection. The check box for enabling ICS will be unavailable. Valid only for Windows XP and Windows Server 2003.	.cms	[Connection Manager]
Error	Specifies the starting frame number of the animation that plays at any connection error.	.cms	[Animated Actions]
HelpFile	Specifies the location (including name) of the custom Help file. Default Help file = The default value for this key is blank. When no value is specified, the standard Help file for service profiles is used.	CMAK	[Connection Manager]
HideAdvancedTab	Specifies whether to suppress the display of the Advanced tab in the properties dialog box for the service profile. 0 (default) = Do not suppress display of the Advanced tab. 1 = Suppress display of the Advanced tab. Valid only for Windows XP and Windows Server 2003.	.cms	[Connection Manager]
HideBalloonTips	Specifies whether to suppress display of balloon-tip help for this connection. 0 (default) = Do not suppress balloon-tip help. 1 = Suppress balloon-tip help.	.cms	[Connection Manager]
HideDelay	Specifies the time (in seconds) to delay before displaying the Phone Book Updates dialog box (with progress indicators and message). Default = Do not display the dialog box.	.cms	[Connection Manager]
HideDialAutomatically	Specifies whether the Connect automatically check box appears in the Connection Manager logon dialog box. 0 (default) = Display the check box. 1 = Do not display the check box. If HideRememberPassword is set to 1, that key value overrides the HideDialAutomatically setting.	.cms	[Connection Manager]
HideDomain	Specifies whether the Logon domain box appears in the Connection Manager logon dialog box. 0 = Display the box. 1 = Do not display the box. The default is 1. If the profile supports VPN connections and you have not previously set a value, CMAK sets this value to 0.	.cms	[Connection Manager]
HideInternetPassword	Specifies whether the Password box appears on the properties dialog box, on the Internet Logon tab. 0 (default) = Display the box. 1 = Do not display the box. If HideInternetPassword and HideInternetUsername are both set to 1, the Internet Logon tab does not appear.	.cms	[Connection Manager]
HideInternetUsername	Specifies whether the User name box appears on the Internet Logon tab. 0 (default) = Display the box. 1 = Do not display the box. If HideInternetPassword and HideInternetUsername are both set to 1, the Internet Logon tab does not appear.	.cms	[Connection Manager]
HidePassword	Specifies whether the Password box appears in the Connection Manager logon dialog box when dial-up connections are used. 0 (default) = Display the box. 1 = Do not display the box.	.cms	[Connection Manager]
HideRememberInternetPassword	Specifies whether the Save Password check box appears on the Internet Logon tab. If this key is not specified, the value of HideRememberPassword is used. 0 = Display check box. 1 = Do not display check box.	.cms	[Connection Manager]
HideRememberPassword	Specifies whether the Save Password check box appears on the Connection Manager logon dialog box and on the Internet Logon tab. 0 (default) = Display the check box. 1 = Do not display the check box. If HideRememberPassword is set to 1, it overrides the HideDialAutomatically setting.	.cms	[Connection Manager]
HideTrayIcon	Specifies whether to display notification area shortcuts. NULL = If TrayIcon is set, display the notification area shortcut specified. Otherwise, display the connection-status notification area shortcut (“blinking lights”). The NULL value is available for Microsoft Windows 2000, Windows XP, and Windows Server 2003 only. 0 = If TrayIcon is set, display the notification area shortcut specified and the connection-status notification area shortcut (“blinking lights”). Otherwise, display the Connection Manager notification area shortcut and the connection-status notification area shortcut (“blinking lights”). 1 = Do not display any notification area shortcuts. If you choose not to display any notification area shortcuts, edit the Help file to remove references to them.	.cms	[Connection Manager]
HideUserName	Specifies whether the User name box appears in the Connection Manager logon dialog box. 0 (default) = Display the box. 1 = Do not display the box.	.cms	[Connection Manager]
Icon	Specifies the location and name of the icon (.ico) file for the 32 32 pixel icon, which is used, by default, for the service profile. Default = The default value for this key is blank. When no value is specified, the standard program icon for Connection Manager is used.	CMAK	[Connection Manager]
Initial	Specifies the starting frame number of the animation that plays when Connection Manager starts.	.cms	[Animated Actions]
Logo	Specifies the location and name of the .bmp file that appears in the Connection Manager logon dialog box. Default = The default value for this key is blank. When no value is specified, the standard logon bitmap for Connection Manager is used.	CMAK	[Connection Manager]
MaxDomain	Specifies the maximum length of the domain name that the user can type. Default = 15 characters.	.cms	[Connection Manager]
MaxPassword	Specifies the maximum length of the password that the user can type. Default = 127 bytes.	.cms	[Connection Manager]
MaxPhoneNumber	Specifies the maximum length of the phone number fields. The default for Microsoft Windows 95, Windows 98, and Windows Millennium Edition is 36; the default for Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 is 80.	.cms	[Connection Manager]
MaxUserName	Specifies the maximum length of the user name that the user can type. Default = 256 bytes.	.cms	[Connection Manager]
MenuItemName	Specifies the command to be run from the shortcut menu. Shortcut menu commands use the format MenuItemName = Program, where MenuItemName is the descriptive name that appears on the shortcut menu and Program is the name of the executable file (.exe or other shell executable), including any parameters that the program requires. For example, if you wanted to add Notepad to the menu with the command name “Editor,” the line would be Editor = Notepad.exe. Default commands = Status and Disconnect. These programs are available in a shortcut menu that appears when a user right-clicks the notification area shortcut. Applications are listed in the menu in the same sequence as they are listed in the .cms file.	CMAK	[Menu Options]
Movie	Specifies the location of the animation file that appears in place of the static bitmap in the Connection Manager logon dialog box. Settings in the [Animated Actions] section control how the animation plays based on the connection state.	.cms	[Animated Logo]
NoDialingRules	Specifies whether the user can use dialing rules on access numbers chosen from a phone book. Dialing rules check boxes are unavailable when the value of this key is set to 1. 0 (default) = Allow dialing rules. 1 = Do not allow dialing rules.	.cms	[Connection Manager]
NoPromptReconnect	Specifies whether the user is prompted for reconnection when the connection is inadvertently dropped. 0 (default) = Prompt the user. 1 = Do not prompt the user.	.cms	[Connection Manager]
Parameter	Specifies other animation parameters passed from software used to create the animation. An example of such a parameter is Quality = 3.	.cms	[Animated Logo]
Pausing	Specifies the starting frame number of the animation that plays during pauses between dials.	.cms	[Animated Actions]
PBLogo	Specifies the location and name of the .bmp file for the Phone Book dialog box. Default = The default value for this key is blank. When nothing is specified, the standard phone book bitmap is used.	CMAK	[Connection Manager]
PBMessage	Specifies the text that appears in the Phone Book dialog box next to the More access numbers box when alternate access numbers are available for the selected geographic region. Maximum = Approximately 100 characters.	CMAK	[Connection Manager]
PBUpdateMessage	Specifies the text that appears in the Phone Book dialog box during a phone book update. Default = “Downloading new phone book.”	.cms	[Connection Manager]
ResetPassword	Specifies whether the New button appears in the Connection Manager logon dialog box to enable a user to change the password. You can use this button to set up a custom password option. Type the location (including the name) of the executable (.exe) program that you use to support this process. You must provide an executable program for this option and include it as an additional file when you run the CMAK wizard.	.cms	[Connection Manager]
ServiceMessage	Specifies the service message that appears in the Connection Manager logon dialog box. This text is usually a customer-support number for the service. Maximum = Approximately 50 characters.	CMAK	[Connection Manager]
ServiceName	Specifies the primary identifier for the profile. This text appears in the Connection Manager logon dialog box as the service name and as the name of the connection. Maximum = Approximately 35 characters. Do not use any of the following in this name: * \ / : ? < > \| [ ]	CMAK	[Connection Manager]
SmallIcon	Specifies the location and name of the icon (.ico) file for the 16 16 pixel icon, which is used, by default, for the title bar. Default = The default value for this key is blank. When nothing is specified, the standard icon for the Connection Manager title bar is used.	CMAK	[Connection Manager]
TrayIcon	Specifies the location and name of the icon (.ico) file for the notification area shortcut. Default = The default value for this key is blank. When nothing is specified, the notification area shortcut for Connection Manager is used.	CMAK	[Connection Manager]
Tunneling	Specifies the starting frame number of the animation that plays while a VPN connection is being established.	.cms	[Animated Actions]
UserNameOptional	Specifies whether the user must type a user name in the Connection Manager logon and Internet logon dialog boxes. 0 (default) = User name required. 1 = User name not required.	.cms	[Connection Manager]

Keys that Control Dial-up Settings

These keys control how the Connection Manager service profile makes a dial-up connection.

Key	Description and values	Set in	Section
CMSFile&MergedProfile	Specifies the location of a .cms file for a component service profile. The format is CMSFile&MergedProfile=Location, where MergedProfile is the name of the top-level service profile, and Location is the location of the .cms file for the component service profile.	CMAK	[ISP]
ConnectionType	Specifies the connection method to be used. 0 (default) = Connect by using a dial-up connection. 1 = Connect by using a direct connection (for example, DSL). This key is valid only if both the Dialup key and the Direct key are set to 1. The user can change this option on the General tab in the properties dialog box of the service profile.	.cmp	[Connection Manager]
Custom_Security	Applies specific security settings on computers that are running Windows 2000, Windows XP, or Windows Server 2003. 0 = Use standard configuration. 1 (default) = Use custom configuration. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&EntryName]
CustomAuthData#	Specifies the configuration data for the Extensible Authentication Protocol (EAP) type. The format is CustomAuthData#=EAPConfigurationData, where # is the number of the specific line of data, for example: CustomAuthData0=1AFGKLMOFGH23K Each line can contain a maximum of 128 characters. If the configuration data has more than 128 characters, it must be specified as multiple lines, incrementing the number for each line of data. For example: CustomAuthData0=First128Characters CustomAuthData1=Next128Characters CustomAuthData2=FinalCharacters Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&EntryName]
CustomAuthKey	Specifies the ID of the EAP type to be used with this connection. The format is CustAuthKey=ID, where ID is the Internet Assigned Numbers Authority (IANA) ID for the EAP type. If no ID is specified, no attempt will be made to read the CustomAuthData value. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&EntryName]
DataEncrypt	Specifies whether to force data encryption. This key is ignored for service profiles in which the EncryptionType key is set and that are installed on Windows 2000, Windows XP, or Windows Server 2003. 0 (default for dial-up entries) = Do not encrypt data. 1 (default for VPN entries) = Encrypt data.	CMAK	[Server&EntryName]
Dialup	Specifies whether dial-up connections are supported. If this key is set to 0, the General tab in the properties dialog box of the service profile will not appear. 0 = No. 1 (default) = Yes.	.cms	[Connection Manager]
Disable_LCP	Specifies whether to enable Link Control Protocol (LCP) extensions. 0 (default) = Enable. 1 = Disable.	.cms	[Server&EntryName]
DisableNbtOverIP	Specifies whether to disable the NetBIOS over TCP/IP (NetBT) routing protocol for this connection. 0 (default) = Disable NetBT. 1 = Leave NetBT enabled.	.cms	[Server&EntryName]
DNS_Address	Specifies the DNS address to use for the dial-up entry.	CMAK	[TCP/IP&EntryName]
DNS_Alt_Address	Specifies the alternate DNS address to use for the dial-up entry.	CMAK	[TCP/IP&EntryName]
DNSSuffix	Specifies the DNS suffix to use for the dial-up entry. Valid only for Windows XP and Windows Server 2003.	.cms	[TCP/IP&EntryName]
DontNegotiateMultilink	Specifies whether to allow multilinking. 0 (default) = Allow multilink. 1 = Do not allow multilink. Valid only for Windows XP and Windows Server 2003.	.cms	[Server&EntryName]
DontUseRasCredentials	Specifies whether to cache the credentials of the user in Stored User Names and Passwords for access to resources after the user has logged on to the network. 0 (default) = Cache and use credentials. 1 = Do not cache and use credentials. Valid only for Windows XP and Windows Server 2003.	.cms	[Server&EntryName]
DownloadDelay	Specifies the time (in seconds) to delay before downloading phone book updates. The delay time starts when the connection is established. Default = 15 seconds. This entry is valid only when, in the CMAK wizard, in the Phone Book dialog box, the Automatically download phone book updates check box is selected.	.cms	[Connection Manager]
DUN	Specifies the default network entry used when the Dial-up Networking Entry box for a POP is blank. Default = ServiceProfileServiceName.	.cms	[Connection Manager]
EncryptionType	Specifies which encryption level to use. 0 = None. 1 (default for VPN) = Require. 3 (default for dial-up) = Optional. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&EntryName]
EnforceCustomSecurity	Specifies whether to require the user to choose a phone book entry that supports advanced security settings. 0 (default) = Do not enforce phone book entry selection (Valid only for Windows 95, Windows 98, Windows NT 4.0, and Windows Millennium Edition). 1 = Enforce selection of phone book entries that support advanced security settings.	CMAK	[Server&EntryName]
FilterA&MergedProfile	Specifies the name of the filter to apply to the phone book of the component profile. The format is FilterA&MergedProfile = FilterName. MergedProfile is the name of the component service profile, as specified in the References key in the .cms file, and FilterName is the name of the filter to apply. The phone numbers that meet the filter criteria appear in the Phone Book dialog box, in the Access numbers list.	CMAK	[ISP]
FilterA&ServiceProfile	Specifies the name of the filter to apply to the access numbers of the top-level profile. The selected phone numbers appear in Connection Manager, in the Phone Book dialog box, in the Access numbers list. Default = NoSurchargeSignon	.cms	[ISP]
FilterB&MergedProfile	Specifies the name of the filter to apply to the phone book of the component profile. The format is FilterB&MergedProfile = FilterName. MergedProfile is the name of the component service profile, as specified in the References key in the .cms file, and FilterName is the name of the filter to apply. The phone numbers that match the filter criteria appear in Connection Manager, in the Phone Book dialog box, in the More access numbers list.	CMAK	[ISP]
FilterB&ServiceProfile	Specifies the name of the filter to apply to the phone book of the top-level profile, for example: FilterB& = SurchargeSignon Phone numbers that match the filter criteria appear in Connection Manager, in the Phone Book dialog box, in the More access numbers list. Default = SurchargeSignon.	.cms	[ISP]
Gateway_On_Remote	Specifies whether to use the default gateway on the remote private network. 0 = Do not use. 1 (default) = Use.	CMAK	[TCP/IP&EntryName]
IdleTimeout	Specifies how long (in minutes) that the connection must be idle before it is disconnected the first time that the service profile is used to connect. Default = 10 minutes. If this key is set to 0, idle connections are not disconnected.	.cmp	[Connection Manager]
IP_Address	Specifies the static IP addresses for the dial-up entry.	.cms	[TCP/IP&EntryName]
IP_Header_Compress	Specifies whether to enable IP header compression. 0 = Not enabled. 1 (default) = Enabled.	CMAK	[TCP/IP&EntryName]
IsdnDialMode	Specifies whether Connection Manager binds two channels on the same ISDN device. 0 (default) = Do not bind (use single channel only). 1 = Always bind the two channels (connect both channels automatically). If a dual channel connection cannot be made, the connection attempt will fail. This value is valid only for Windows NT 4.0, Windows 2000, Windows Millennium Edition, Windows XP, and Windows Server 2003. 2 = Attempt to bind the two channels (connect with both channels). If the two channels cannot be bound, use a single channel. This value is valid only for Windows 2000, Windows XP, and Windows Server 2003.	.cms	[Connection Manager]
Mask&FilterName	Specifies the mask value for FilterName.	.cms	[ISP]
Match&FilterName	Specifies the match value for FilterName.	.cms	[ISP]
Name	Specifies the location (including path and file name) of the script (.scp) file for the dial-up entry.	CMAK	[Scripting&EntryName]
Negotiate_IPX	Specifies whether to negotiate the Internetwork Packet Exchange (IPX) protocol. 0 (default) = Do not negotiate. 1 = Negotiate. The IPX/SPX protocol is not available on Windows XP 64-Bit Edition and the 64-bit versions of Windows Server 2003.	.cms	[Server&EntryName]
Negotiate_NetBEUI	Specifies whether to negotiate the NetBIOS extended user interface (NetBEUI) protocol. 0 (default) = Do not negotiate. 1 = Negotiate	.cms	[Server&EntryName]
Negotiate_TCP/IP	Specifies whether to negotiate TCP/IP. 0 = Do not negotiate. 1 (default) = Negotiate.	.cms	[Server&EntryName]
NetworkLogon	Specifies whether to log on to the network. 0 = Do not log on. This is the default for dial-up connections. 1 = Log on. This is the default for VPN connections.	CMAK	[Server&EntryName]
PBFile	Specifies the location of the phone book (.pbk) file that the service profile uses.	CMAK	[ISP]
PBURL	Specifies the Uniform Resource Locator (URL) for the Phone Book Service (PBS) server.	CMAK	[ISP]
PW_Encrypt	Specifies whether to encrypt a password for authentication. 0 (default) = Do not encrypt. 1 = Encrypt.	CMAK	[Server&EntryName]
PW_EncryptMS	Specifies whether to require MS-CHAP version 1 for this connection. 0 = Do not require MS-CHAP v1. 1 = Require MS-CHAP v1.	CMAK	[Server&EntryName]
RedialCount	Specifies the number of redials to attempt the first time that the service profile is used to try to connect. Default = 3.	.cmp	[Connection Manager]
RedialDelay	Specifies the delay (in seconds) between dial attempts. The delay is the elapsed time between the point of failure of the first call and the dialing of the first digit of the next phone number. Default = 5 seconds.	.cms	[Connection Manager]
References	Specifies the service profiles merged through the CMAK wizard. Profile names are separated by commas, tabs, or spaces. Each name is used as a reference to that profile.	CMAK	[ISP]
RegionFile	Specifies the location of the region (.pbr) file that the service profile uses.	CMAK	[ISP]
Require_CHAP	Specifies whether Challenge Handshake Authentication Protocol (CHAP) is allowed. 0 = Not allowed. 1 (default) = Allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&EntryName]
Require_EAP	Specifies whether Extensible Authentication Protocol (EAP) is allowed. 0 (default) = Not allowed. 1 = allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&EntryName]
Require_MSCHAP	Specifies whether MSCHAP is allowed. 0 = Not allowed. 1 (default) = Allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&EntryName]
Require_MSCHAP2	Specifies whether MSCHAP2 is allowed. 0 = Not allowed. 1 (default) = Allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&EntryName]
Require_PAP	Specifies whether Password Authentication Protocol (PAP) is allowed. 0 (default) = Not allowed. 1 = Allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&EntryName]
Require_SPAP	Specifies whether SPAP is allowed. 0 (default) = Not allowed. 1 = Allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&EntryName]
Require_W95MSCHAP	Specifies whether W95MSCHAP is allowed. If the value for this key is set to 1, the value for Require_MS-CHAP must also be set to 1. 0 (default) = Not allowed. 1 = Allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	.cms	[Server&EntryName]
SecureClientForMSNet	Specifies whether to allow the use of NetBT. If this key is set, the value of the SecureLocalFiles key is ignored on Windows XP and Windows Server 2003. 0 (default) = Allow the use of NetBT. 1 = Do not allow the use of NetBT. Valid only for Windows XP and Windows Server 2003.	.cms	[TCP/IP&EntryName]
SecureFileAndPrint	Specifies whether to enable file and print sharing. If this key is set, the value of the SecureLocalFiles key is ignored on Windows XP and Windows Server 2003. 0 (default) = Enable. 1 = Disable. Files and print resources will not be shared. Valid only for Windows XP and Windows Server 2003.	.cms	[Server&EntryName]
SecureLocalFiles	Specifies whether to share local files and allow printer sharing. If the value of the key is set to 1, it will disable NetBT on Windows 2000, Windows XP, and Windows Server 2003. This key is ignored on Windows XP and Windows Server 2003 if a value is assigned to the SecureClientForMSNet key, the SecureFileAndPrint key, or both. 0 (default) = Share local files. 1 = Do not share local files. Valid only for Windows NT, Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[TCP/IP&EntryName]
ServiceType	Specifies a service type as a filter name to be applied to the phone book of the component profile. The format of the entry is ServiceType=FilterName, where ServiceType is the name as it appears in the Phone Book dialog box in the Service type list, and FilterName is the name of the filter to be associated with the entry. For example: ISDN Multicast = MulticastISDN A service type name should include no more than 25 characters. You can concatenate service type names by inserting a space between each name. At least two service types must be defined in order for phone numbers to appear in the properties dialog box for the service profile.	.cms	[Service Type]
Specify_IP_Address	Specifies whether to specify a static IP address for the dial-up entry. 0 (default) = Do not specify. 1 = Specify.	.cms	[TCP/IP&EntryName]
Specify_Server_Address	Specifies whether to specify static DNS or Windows Internet Name Service (WINS) addresses for the dial-up entry. 0 (default) = Do not specify. 1 = Specify.	CMAK	[TCP/IP&EntryName]
SW_Compress	Specifies whether to negotiate PPP software compression of data. 0 = Do not negotiate. 1 (default) = Negotiate.	.cms	[Server&EntryName]
TcpWindowSize	Specifies the size (in bytes) of the window offered by the connection. The window is the number of bytes of information to send before expecting a return packet. Minimum value is 4,096; maximum value is 65,500. If this key is not set, the default window size for the operating system and the connection type is used. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	.cms	[TCP/IP&EntryName]
UseTerminalWindow	Specifies whether to use a terminal window when connecting to a service. 0 (default) = Do not use a terminal window. 1 = Use a terminal window. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	.cms	[Scripting&EntryName]
Version	Specifies the version of the phone book. If you provide phone books, the PBS server uses this value to determine whether and how to update phone books. If the version listed in this key is more than five versions out of date, the PBS server downloads the complete phone book. Otherwise, the PBS server downloads a delta file.	.cms	[Connection Manager]
WINS_Address	Specifies the WINS address for the dial-up entry.	CMAK	[TCP/IP&EntryName]
WINS_Alt_Address	Specifies the alternate WINS address for the dial-up entry.	CMAK	[TCP/IP&EntryName]

Keys that control VPN settings

These keys control how the Connection Manager service profile makes a VPN connection.

Key	Description and values	Set in	Section
ConnectionType	Specifies the connection method to be used. 0 (default) = Connect by using a dial-up connection. 1 = Connect by using a direct connection (for example, DSL). This key is valid only if both the Dialup key and the Direct key values are set to 1. The user can change this option in the properties dialog box for the service profile on the General tab.	.cmp	[Connection Manager]
Custom_Security	Specifies whether specific security settings should be applied on computers that are running Windows 2000, Windows XP, or Windows Server 2003. 0 = Use standard configuration. 1 (default) = Use custom configuration. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&TunnelDUN]
CustomAuthData#	Specifies the configuration data for the EAP type. The format is CustomAuthData#=EAPConfigurationData, where # is the number of the specific line of data, for example: CustomAuthData0=1AFGKLMOFGH23K Each line can contain a maximum of 128 characters. If the ID has more than 128 characters, it must be specified as multiple lines, incrementing the # value for each line of data. For example: CustomAuthData0=First128Characters CustomAuthData1=Next128Characters CustomAuthData2=FinalCharacters Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&TunnelDUN]
CustomAuthKey	Specifies the ID of the EAP type to use with this connection. The format is CustAuthKey=ID, where ID is the Internet Assigned Numbers Authority (IANA) ID for the EAP type. If no ID is specified, no attempt will be made to read the CustomAuthData value. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&TunnelDUN]
DataEncrypt	Specifies whether to force data encryption. This key is ignored for service profiles in which the EncryptionType key is set and that are installed on Windows 2000, Windows XP, or Windows Server 2003. 0 (default for dial-up entries) = Do not encrypt data. 1 (default for VPN entries) = Encrypt data.	CMAK	[Server&TunnelDUN]
Direct	Specifies whether direct connections are supported. 0 = No. 1 (default) = Yes. Valid only for VPN service profiles.	.cms	[Connection Manager]
Disable_LCP	Specifies whether to enable Link Control Protocol (LCP) extensions. 0 (default) = Enable. 1 = Disable.	.cms	[Server&TunnelDUN]
DisableNbtOverIP	Specifies whether to disable the NetBT routing protocol for this connection. 0 (default) = Disable NetBT. 1 = Leave NetBT enabled.	.cms	[Server&TunnelDUN]
DNS_Address	Specifies the DNS address for the VPN entry.	CMAK	[TCP/IP&TunnelDUN]
DNS_Alt_Address	Specifies the alternate DNS address for the VPN entry.	CMAK	[TCP/IP&TunnelDUN]
DNSSuffix	Specifies the DNS suffix to use for the connection. Valid only for Windows XP and Windows Server 2003.	.cms	[TCP/IP&TunnelDUN]
DontNegotiateMultilink	Specifies whether to allow multilinking. 0 (default) = Allow multilinking. 1 = Do not allow multilinking. Valid only for Windows XP and Windows Server 2003.	.cms	[Server&TunnelDUN]
DontUseRasCredentials	Specifies whether to cache the user credentials in Stored User Names and Passwords for access to network resources after the user has logged on to the network. 0 (default) = Cache and use credentials. 1 = Do not cache and use credentials. Valid only for Windows XP and Windows Server 2003.	.cms	[Server&TunnelDUN]
EncryptionType	Specifies which encryption level to use. 0 = None. 1 (default for VPN) = Require. 3 (default for dial-up) = Optional. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&TunnelDUN]
EnforceCustomSecurity	Specifies whether to require the user to select a phone book entry that supports advanced security settings. 0 (default) = Do not enforce phone book entry selection. This value is valid for Windows 95, Windows 98, Windows NT 4.0, and Windows Millennium Edition only. 1 = Enforce selection of phone book entries that support advanced security settings.	CMAK	[Server&TunnelDUN]
Gateway_On_Remote	Specifies whether to use the default gateway on the remote private network. 0 = Do not use. 1 (default) = Use.	CMAK	[TCP/IP&TunnelDUN]
IP_Address	Specifies the static IP addresses for the VPN entry.	.cms	[TCP/IP&TunnelDUN]
IP_Header_Compress	Specifies whether to enable IP header compression. 0 = Not enabled. 1 (default) = Enabled.	CMAK	[TCP/IP&TunnelDUN]
Negotiate_IPX	Specifies whether to negotiate the IPX protocol. 0 (default) = Do not negotiate. 1 = Negotiate. The IPX/SPX protocol is not available on Windows XP 64-Bit Edition and the 64-bit versions of Windows Server 2003.	.cms	[Server&TunnelDUN]
Negotiate_NetBEUI	Specifies whether to negotiate the NetBIOS extended user interface (NetBEUI) protocol. 0 (default) = Do not negotiate. 1 = Negotiate	.cms	[Server&TunnelDUN]
Negotiate_TCP/IP	Specifies whether to negotiate TCP/IP. 0 = Do not negotiate. 1 (default) = Negotiate.	.cms	[Server&TunnelDUN]
NetworkLogon	Specifies whether to log on to the network. 0 = Do not log on. This is the default for dial-up connections. 1 = Log on. This is the default for VPN connections.	CMAK	[Server&TunnelDUN]
PW_Encrypt	Specifies whether to encrypt a password when authenticating. 0 (default) = Do not encrypt. 1 = Encrypt.	CMAK	[Server&TunnelDUN]
PW_EncryptMS	Specifies whether to require MS-CHAP version 1 for this connection. 0 = Do not require MS-CHAP v1. 1 = Require MS-CHAP v1.	CMAK	[Server&TunnelDUN]
Require_CHAP	Specifies whether Challenge Handshake Authentication Protocol (CHAP) is allowed. 0 = Not allowed. 1 (default) = Allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&TunnelDUN]
Require_EAP	Specifies whether Extensible Authentication Protocol (EAP) is allowed. 0 (default) = Not allowed. 1 = allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&TunnelDUN]
Require_MSCHAP	Specifies whether MSCHAP is allowed. 0 = Not allowed. 1 (default) = Allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&TunnelDUN]
Require_MSCHAP2	Specifies whether MSCHAP2 is allowed. 0 = Not allowed. 1 (default) = Allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&TunnelDUN]
Require_PAP	Specifies whether Password Authentication Protocol (PAP) is allowed. 0 (default) = Not allowed. 1 = Allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&TunnelDUN]
Require_SPAP	Specifies whether SPAP is allowed. 0 (default) = Not allowed. 1 = Allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&TunnelDUN]
Require_W95MSCHAP	Specifies whether W95MSCHAP is allowed. If this key is set to 1, Require_MS-CHAP must also be set to 1. 0 (default) = Not allowed. 1 = Allowed. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	.cms	[Server&TunnelDUN]
SecureClientForMSNet	Specifies whether to allow the use of NetBT. If this key is set, the value of the SecureLocalFiles key is ignored on Windows XP and Windows Server 2003. 0 (default) = Allow the use of NetBT. 1 = Do not allow the use of NetBT. Valid only for Windows XP and Windows Server 2003.	.cms	[Server&TunnelDUN]
SecureFileAndPrint	Specifies whether to enable file and print sharing. If this key is set, the SecureLocalFiles key is ignored on Windows XP and Windows Server 2003. 0 (default) = Enable. 1 = Disable. Files and print resources will not be shared. Valid only for Windows XP and Windows Server 2003.	.cms	[Server&TunnelDUN]
SecureLocalFiles	Specifies whether to share local files and allow printer sharing. If the value of the key is set to 1, it will disable NetBT on Windows 2000, Windows XP, and Windows Server 2003. This key value will be ignored on Windows XP and Windows Server 2003 if a value is assigned to the SecureClientForMSNet key, the SecureFileAndPrint key, or both. 0 (default) = Share local files. 1 = Do not share local files. Valid only for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Server&TunnelDUN]
Specify_IP_Address	Specifies whether to specify a static IP address. 0 (default) = Do not specify. 1 = Specify.	.cms	[TCP/IP&TunnelDUN]
Specify_Server_Address	Specifies whether to specify static DNS or WINS addresses. 0 (default) = Do not specify. 1 = Specify.	CMAK	[TCP/IP&TunnelDUN]
SW_Compress	Specifies whether to negotiate Point-to-Point Protocol (PPP) software compression of data. 0 = Do not negotiate. 1 (default) = Negotiate.	.cms	[Server&TunnelDUN]
TcpWindowSize	Specifies the size (in bytes) of the window offered by the connection. The window is the number of bytes of information to send before expecting a return packet. Minimum value is 4,096; maximum value is 65,500. If this key is not set, the default window size for the operating system and the connection type is used. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	.cms	[TCP/IP&TunnelDUN]
Tunnel	Specifies whether VPN connections are enabled for the phone numbers in the top-level phone book. 0 (default) = Not enabled. 1 = Enabled.	CMAK	[Connection Manager]
TunnelAddress	Specifies the IP address or fully qualified domain name for the VPN server.	CMAK	[Connection Manager]
TunnelDUN	Specifies the default networking entry used for VPN connections. Default = ServiceProfileServiceName tunnel.	.cms	[Connection Manager]
TunnelFile	Specifies the relative path and file name to the VPN file. If you use macros in the relative path, make sure that the macros are recognized on all operating systems to which you want to distribute the profile.	CMAK	[Connection Manager]
TunnelReferences	Specifies whether VPN connections are enabled for phone numbers taken from the phone book of a component profile. 0 (default) = Do not use a VPN connection when using any of these phone numbers. 1 = Use a VPN connection when using a phone number from a component profile.	CMAK	[Connection Manager]
UsePreSharedKey	Specifies whether to use a preshared key for Layer Two Tunneling Protocol over Internet Protocol security (L2TP/IPSec) authentication. 0 (default) = Do not use a preshared key. 1 = Use a preshared key. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Networking&TunnelDUN]
VPNEntry	Specifies whether the entry is a VPN entry or a dial-up entry. 0 = Dial-up entry. 1 = VPN entry.	CMAK	[Networking&TunnelDUN]
VpnStrategy	Specifies which tunneling protocol to use when establishing a VPN connection. 1 = Use PPTP only. 2 = Try PPTP first. 3 = Use L2TP only. 4 = Try L2TP first. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	CMAK	[Networking&TunnelDUN]
WINS_Address	Specifies the WINS address for the VPN entry.	CMAK	[TCP/IP&TunnelDUN]
WINS_Alt_Address	Specifies the alternate WINS address for the VPN entry.	CMAK	[TCP/IP&TunnelDUN]

Keys that Control Required User Information

These keys control what information the service profile requires before the user can click .Connect

Key	Description and values	Set in	Section
DomainOptional	Specifies whether the user must specify a domain name when making a connection. 0 = Require a domain. 1 (default) = Do not require a domain.	.cms	[Connection Manager]
GlobalCredentials	Specifies whether to save the user name and password supplied for first-time use of the connection for all users of the connection. 0 (default) = Save the user name and password for a single user. 1 = Save the user name and password for all users of the connection. Valid only for Windows XP and Windows Server 2003.	.cmp	[Connection Manager]
PasswordOptional	Specifies whether the user must specify a password in the Connection Manager logon and Internet Logon dialog boxes. 0 (default) = Password required. 1 = Password not required.	.cms	[Connection Manager]
UseSameUserName	Specifies whether to use a separate user name and password when connecting to the Internet service provider (for a VPN connection). 0 (default) = Use the user name and password in the properties dialog box on the Internet Logon tab. Service profiles built to support VPN connections contain this additional tab. 1 = Use the same user name and password when connecting to the Internet service provider as appears in the Connection Manager logon dialog box for logging on to the private service.	CMAK	[Connection Manager]
UseWinLogonCredentials	Specifies whether to use the user name, password, and domain that the user specified when the user logged on most recently to Windows. 0 = Do not use credentials. 1 (default) = Use credentials. Valid only for Windows 2000, Windows XP, and Windows Server 2003.	.cms	[Connection Manager]

Keys that Provide Data the First Time the Service Profile is Used

These keys populate information in the Connection Manager user interface the first time that a service profile is used.

Key	Description and values	Set in	Section
Description0	Describes the primary phone number that is provided the first time that the service profile is used. Appears in the Phone Book dialog box as a Point of Presence (POP) name.	.cmp	[Connection Manager]
Description1	Describes the backup phone number that is provided the first time that the service profile is used. Appears in the Phone Book dialog box as a POP name.	.cmp	[Connection Manager]
DialAutomatically	Specifies whether to have the Connect automatically check box in the Connection Manager logon dialog box selected by default and to connect automatically the first time that the service profile is used. 0 (default) = Do not select the check box. 1 = Select the check box and connect automatically.	.cmp	[Connection Manager]
Domain	Specifies the logon domain name that appears automatically the first time that the service profile is used.	.cmp	[Connection Manager]
DUN0	Specifies the dial-up entry used for the primary phone number the first time that the service profile is used. Value must exactly match the entry name specified in Phone Book Administrator.	.cmp	[Connection Manager]
DUN1	Specifies the dial-up entry used for the backup phone number the first time that the service profile is used. Value must exactly match the entry name specified in Phone Book Administrator.	.cmp	[Connection Manager]
EnableLogging	Specifies whether a log file is created for the connection the first time that the service profile is used. The log file is named ServiceProfileServiceName.log for an all-user profile, and ServiceProfileServiceName (Single User).log for a single-user profile. 0 = Do not create a log file. 1 (default) = Create a log file.	.cmp	[Connection Manager]
InternetPassword	Specifies the password that appears automatically the first time that the user tries to connect using a VPN connection.	.cmp	[Connection Manager]
InternetUserName	Specifies the user name that appears automatically the first time that the user tries to connect using a VPN connection.	.cmp	[Connection Manager]
KeepDefaultCredentials	Specifies whether to keep first-time credentials such as user name and password in the .cmp file of the profile for persistent default display and usage for all first-time users of the profile. For single-user profiles, this information will appear only once. 0 (default) = Do not keep first-time credentials in the .cmp file. 1 = Keep first-time credentials in the .cmp file.	.cmp	[Connection Manager]
Password	Specifies the password that appears automatically the first time that the profile is used.	.cmp	[Connection Manager]
PCS	Specifies how the password will be stored for pre-population. 0 = Password stored in plaintext; pre-population is allowed. No other value for this key is valid for pre-population.	.cmp	[Connection Manager]
Phone0	Specifies the primary phone number populated for the user the first time the service profile is used and the default phone number any time another phone number is not selected.	.cmp	[Connection Manager]
Phone1	Specifies the backup phone number populated for the user the first time the service profile is used.	.cmp	[Connection Manager]
PhoneCanonical0	Specifies the canonical format of the primary phone number populated for the user the first time the service profile is used.	.cmp	[Connection Manager]
PhoneCanonical1	Specifies the canonical format of the backup phone number populated for the user the first time the service profile is used.	.cmp	[Connection Manager]
PhoneCountry0	Specifies the Telephony Application Programming Interface (TAPI) country/region code for the primary phone number set as default for the user the first time the service profile is used.	.cmp	[Connection Manager]
PhoneCountry1	Specifies the Telephony Application Programming Interface (TAPI) country/region code for the backup phone number set as default for the user the first time the service profile is used.	.cmp	[Connection Manager]
PhoneSource0	Specifies the service profile for the primary phone number to be used the first time the user connects.	.cmp	[Connection Manager]
PhoneSource1	Specifies the service profile for the backup phone number to be used the first time the user connects.	.cmp	[Connection Manager]
Region0	Specifies the default state or province from the phone book for the primary phone number the first time that the service profile is opened.	.cmp	[Connection Manager]
Region1	Specifies the default state or province from the phone book for the backup phone number the first time that the service profile is opened.	.cmp	[Connection Manager]
RememberInternetPassword	Specifies whether the Save password check box on the Internet Logon tab is selected by default for a populated Internet password. This key is ignored if the InternetPassword key is not set in the .cmp file. 0 (default) = The check box is cleared by default. 1 = The check box is selected by default, and the password is saved.	.cmp	[Connection Manager]
RememberPassword	Specifies whether to have the Save password check box in the Connection Manager logon dialog box selected by default for a populated password. This key is ignored if the Password key is not set in the .cmp file. 0 (default) = The check box is cleared by default. 1 = The check box is selected by default, and the password is saved.	.cmp	[Connection Manager]
ServiceType0	Specifies the default service type from the phone book for the primary phone number the first time that the service profile is opened.	.cmp	[Connection Manager]
ServiceType1	Specifies the default service type from the phone book for the backup phone number the first time that the service profile is opened.	.cmp	[Connection Manager]
UseDialingRules0	Specifies whether dialing rules are applied to the primary phone number the first time that the service profile is used. 0 = Dial the number exactly as it appears in the phone book or as it is typed. 1 (default) = Apply dialing rules to the number when displaying and dialing.	.cmp	[Connection Manager]
UseDialingRules1	Specifies whether dialing rules are applied to the backup number the first time the service profile is used. 0 = Dial the number exactly as it appears in the phone book or as it is typed. 1 (default) = Apply dialing rules to the number when displaying and dialing.	.cmp	[Connection Manager]
UserName	Specifies the name used to authenticate the user the first time that the service profile is used.	.cmp	[Connection Manager]
UserNamePrefix	Specifies the prefix added to the user name. Enables access to a service that requires a realm name as a user name prefix. This key is not used in a VPN connection.	CMAK	[Connection Manager]
UserNameSuffix	Specifies the suffix appended to the user name. Enables access to a service that requires a realm name as a user name suffix. This key not used in a VPN connection.	CMAK	[Connection Manager]

Connection Manager Custom Action Keys

These keys control when and how a custom action is performed.

Key	Description and values	Set in	Section
#	Specifies a single custom action. The format of the value is # = Program, where # is an ID number from 0 to n in sequential order and Program is the complete name of the program, including the file name extension and the path to the program. Programs start in sequence: 0 first, 1 next, and so on. Macros, such as %UserName% and %ErrorCode%, are set in Connection Manager, and they can be used as parameters for custom action programs.	CMAK	[Pre-Init Actions] [Pre-Connect Actions] [Pre-Dial Actions] [Pre-Tunnel Actions] [Connect Actions] [Disconnect Actions] [On-Cancel Actions] [On-Error Actions] [Auto Applications]
#&Flags	Specifies whether a custom action runs when a specific type of connection is established. The format of the value is #&Flags = n, where # is the ID number of a defined custom action and n indicates how dial-up and direct connections for that custom action are handled: If n = 0 (default), all connections trigger this custom action. (The default key does not appear in the .cms file.) If n = 1, all direct tunnel connections trigger this custom action. If n = 2 , all connections that involve dialing (direct or double) trigger this custom action. If n = 4, only connections that use dial-up trigger this custom action. If n = 8, only connections that involve a tunnel trigger this custom action	CMAK	[Pre-Init Actions] [Pre-Connect Actions] [Pre-Dial Actions] [Pre-Tunnel Actions] [Connect Actions] [Disconnect Actions] [On-Cancel Actions] [On-Error Actions] [Auto Applications]
#&Description	Specifies a short description of a custom action. The format of the value is #&Description = Text, where # is the number of a defined custom action and Text is the descriptive information for that custom action. This option can provide useful information when a synchronous custom action does not run properly. Default = The name of the custom action program.	CMAK	[Pre-Init Actions] [Pre-Connect Actions] [Pre-Dial Actions] [Pre-Tunnel Actions] [Connect Actions] [Disconnect Actions] [On-Cancel Actions] [On-Error Actions] [Auto Applications]

Specifies a single custom action. The format of the value is # = Program, where # is an ID number from 0 to n in sequential order and Program is the complete name of the program, including the file name extension and the path to the program. Programs start in sequence: 0 first, 1 next, and so on. Macros, such as %UserName% and %ErrorCode%, are set in Connection Manager, and they can be used as parameters for custom action programs.

CMAK

[Pre-Init Actions]

[Pre-Connect Actions]

[Pre-Dial Actions]

[Pre-Tunnel Actions]

[Connect Actions]

[Disconnect Actions]

[On-Cancel Actions]

[On-Error Actions]

[Auto Applications]

#&Flags

Specifies whether a custom action runs when a specific type of connection is established. The format of the value is #&Flags = n, where # is the ID number of a defined custom action and n indicates how dial-up and direct connections for that custom action are handled:

If n = 0 (default), all connections trigger this custom action. (The default key does not appear in the .cms file.)

If n = 1, all direct tunnel connections trigger this custom action.

If n = 2 , all connections that involve dialing (direct or double) trigger this custom action.

If n = 4, only connections that use dial-up trigger this custom action.

If n = 8, only connections that involve a tunnel trigger this custom action

CMAK

[Pre-Init Actions]

[Pre-Connect Actions]

[Pre-Dial Actions]

[Pre-Tunnel Actions]

[Connect Actions]

[Disconnect Actions]

[On-Cancel Actions]

[On-Error Actions]

[Auto Applications]

#&Description

Specifies a short description of a custom action. The format of the value is #&Description = Text, where # is the number of a defined custom action and Text is the descriptive information for that custom action. This option can provide useful information when a synchronous custom action does not run properly.

Default = The name of the custom action program.

CMAK

[Pre-Init Actions]

[Pre-Connect Actions]

[Pre-Dial Actions]

[Pre-Tunnel Actions]

[Connect Actions]

[Disconnect Actions]

[On-Cancel Actions]

[On-Error Actions]

[Auto Applications]

Connection Manager Control Keys

Connection Manager uses these keys to locate files and determine behavior during a connection.

Key	Description and values	Set in	Section
AutoReconnect	Specifies whether to automatically attempt to reconnect when a connection is terminated unexpectedly. 0 (default) = Do not automatically attempt to reconnect. 1 = Attempt to reconnect.	.cms	[Connection Manager]
CheckOSComponents	Specifies whether Connection Manager checks the operating system components. 0 (default) = Check the operating system components only when an error occurs. 1 = Always check the operating system components on service profile initialization.	.cms	[Connection Manager]
CMSFile	Specifies the name of the service profile file: (\Path\ServiceProfileFileName.cms), as specified in File name on the Service and File Names page. Do not use any of the following in this name: ! @ ^ & ( ) { } ` ´ ~ , ; <space> * = \ / : ? “ < > \| . % + [ ] $ #. Do not alter this value in the .cmp file. If a different name is required, use the CMAK wizard to edit the existing profile, specify new names for both the service name and the file name, and then finish running the wizard.	CMAK	[Connection Manager]
DisableICS	Specifies whether to prevent the user from sharing the connection with Internet Connection Sharing (ICS). 0 (default) = Do not suppress ICS settings. 1 = Disable ICS for this connection. The check box for enabling ICS will be unavailable. Valid only for Windows XP and Windows Server 2003.	.cms	[Connection Manager]
DoNotCheckBindings	Specifies whether to include the TCP/IP bindings when checking operating system components. 0 (default) = Include the TCP/IP bindings in the TCP/IP check and bind all that are not bound. 1 = Do not include the TCP/IP bindings when checking operating system components. TCP/IP services that sit between the TCP/IP protocol and the adapter are protected from being checked only if this option is set to 1 in all installed service profiles. This option does not prevent other service profiles or programs from checking bindings.	.cms	[Connection Manager]
EnableICF	Specifies whether to enable Internet Connection Firewall (ICF) for this connection with default settings. 0 (default) = Do not adjust ICF settings. 1 = Enable ICF for the connection with default settings. Valid only for Windows XP and Windows Server 2003.	.cms	[Connection Manager]
FileDirectory	Specifies the location of the log file. If the value is blank, the log file is created in the temp folder.	.cms	[Logging]
IdleThreshold	Specifies the maximum bytes per minute that can be received if an idle state is to be detected for the connection. Default = 0. This key is not valid on Windows NT 4.0.	.cms	[Connection Manager]
InternetConnection	Specifies whether to inform the operating system that this connection is a connection to the Internet. 0 (default) = Do not inform the operating system that this connection connects to the Internet for the purposes of automatically connecting when no connection is present. 1 = Inform the operating system that this connection connects to the Internet. Valid only for Windows XP and Windows Server 2003.	.cms	[Connection Manager]
MaxFileSize	Specifies the maximum file size (in kilobytes) before the log is cleared. The file size is checked at initialization to prevent data loss during a connection. The default is 100.	.cms	[Logging]
MonitorCallingProgram	Specifies whether to handle Connection Manager as a monitored custom action when Connection Manager is called programmatically and the calling process terminates. 0 = Do not monitor. 1 (default) = Monitor.	.cms	[Connection Manager]
PasswordHandling	Specifies the method of handling the password during the logon process. 0 (default) = Normal (case sensitive). 1 = Change uppercase letters to lowercase. 2 = Change lowercase letters to uppercase.	.cms	[Connection Manager]
Version	Specifies the version of the service provider or service profile file. Do not modify this value.	.cms .cmp	[Profile Format]

Connection Manager Registry Entries

The following registry entries are associated with Connection Manager.

The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution.

\PBServerMonitor

Registry path

\Software\Microsoft\Connection Manager

Version

Windows Server 2003; Windows XP; Windows Millennium Edition; Windows 2000; Windows 98

The Mappings subkey is used to store the full path of the .cmp file for each service profile. The format for the value of the registry key is:

Under HKLM: All-users profiles

Under HKCU: Single-user profiles

Field	Description
Name	The friendly name of the service profile.
Type	REG_SZ
Data	The full path to the .cmp file of the service profile.

Field	Description
Name	The name of the executable file that will run.
Type	REG_DWORD
Data	A value that indicates the location of the executable.

Table Supported values for the Data field are:

Value	Location of executable
0x00000000(0)	%windir%\system32
0x00000001(1)	Profile directory

Network Ports Used by Connection Manager

The following table describes the network ports that Connection Manager commonly uses. Because administrators can customize Connection Manager service profiles, the exact network ports that service profiles use vary.

Port Assignments for Connection Manager

Service Name	UDP	TCP
HTTP		80
FTP		20/21

The following resources contain additional information that is relevant to this section.

Microsoft Platform SDK on MSDN for more information about remote access APIs
VPN Technical Reference
Resource Kit Tools
Registry Reference
Connection Manager Administration Kit
Routing and Remote Access
Microsoft Systems Architecture

Connection Manager Tools and Settings

Connection Manager Tools and Settings

Connection Manager Tools

Cmak.exe: Connection Manager Administration Kit

Category

Version compatibility

Pbserver.dll: Phone Book Service

Category

Version compatibility

Pbadmin.exe: Phone Book Administrator

Category

Version compatibility

Connection Manager Predefined Custom Actions

Cmdl32.exe: Automatic Phone Book Download

Custom Action Type

Purpose

Configuration

Cmproxy.dll: Automatic Proxy Configuration

Custom Action Type

Purpose

Configuration

Cmroute.dll: Routing Table Updates

Custom Action Type

Purpose

Configuration

Routing table precedence

Cmdl32.exe /VPN: Download Update for VPN File

Custom Action Type

Purpose

Configuration

Connection Manager Keys and Values

Connection Manager Section Headings

Keys that Control the Connection Manager User Interface

Keys that Control Dial-up Settings

Keys that control VPN settings

Keys that Control Required User Information

Keys that Provide Data the First Time the Service Profile is Used

Connection Manager Custom Action Keys

Connection Manager Control Keys

Connection Manager Registry Entries

\PBServerMonitor

Registry path

Version

\Performance

Registry path

Version

\Phone Book Service

HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application

Version

\Connection Manager Administration Kit

Registry path

Version

\Connection Manager

Registry path

Version

\Access Points

Registry path

Version

\AccessPointName

Registry path

Version

\ICSData

Registry path

Version

\Mappings

Registry path

Version

\ProfileName

Registry path

Version

\UserInfo

Registry path

Version

\WinLogon Actions

Registry path

Version

Network Ports Used by Connection Manager

Related Information

Additional resources