Networking Keys
Applies To: Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 Foundation, Windows Server 2008 R2, Windows Server 2012, Windows Vista
You can change how Connection Manager handles networking. To do this, you need to edit the service (.cms) file. The table in this topic covers the key names and values that pertain to the networking sections of the .cms file. This topic also describes the formats and conventions you should use in the .cms file.
Formats and conventions
Connection Manager creates service (.cms) files, which use the same format as Windows initialization (.ini) files and information (.inf) files. These files have several things in common:
Each file is divided into sections, with specific entries, called keys, assigned to the sections. A section heading is enclosed within brackets ([ ]). For example, [Strings] is a section containing text strings for messages. The keys for a section are not enclosed within brackets.
Each value specified for a numeric key must be an integer. Any noninteger value is truncated to an integer or ignored as invalid data. For example, 1.1 is truncated to 1 or ignored.
The order in which sections appear is not important; a particular section can be placed anywhere in the file.
Each comment in the file begins with a semicolon (;).
Table of networking keys
The following table shows the valid keys for networking in the .cms file, the function and use of each key, and where each key can be set. You can set different keys in the CMAK wizard or the .cms file. If you change the .cms file with a text editor, rather than by using the Advanced Customization page of the CMAK wizard, you must rebuild the profile afterward with the CMAK wizard.
Note
In the following table, keys controlled by specific panes of the CMAK wizard are identified in the Set in column as CMAK. Although these keys appear in the .cms file, you should use the CMAK wizard to update these keys. If you change these keys by editing the .cms file, the CMAK wizard might overwrite them if you run it again on the same profile. Keys set in the Advanced Customization page of the CMAK wizard are identified as .cms or .cmp, as appropriate.
Note
Make sure that locations are specified either as the full path or in reference to the location of the .cmp file.
| [Section] or key | Value | Set in | ||
|---|---|---|---|---|
[Server&TunnelDUN] |
Configuration to be used for all VPN connections. In this section title, TunnelDUN is the value of the TunnelDUN key in the [Connection Manager] section, for example, [Server&Awesome1 Tunnel]. This section uses the same format as the [Server&EntryName] section, including all keys valid under that section. |
CMAK .cms |
||
[Server&EntryName] |
Configuration where EntryName is the name of the dial-up entry, for example, [Server&Awesome1]. |
CMAK |
||
SecureLocalFiles |
Whether to share local files and allow printer sharing. If the value of the key is set to 1, it will disable NetBT. This key value will be ignored on Windows XP and later versions of Windows if a value is assigned to the SecureClientForMSNet key, the SecureFileAndPrint key, or both. 0 (default) = Share local files. 1 = Do not share local files. |
CMAK |
||
SecureClientForMSNet |
Whether to allow the use of NetBT. If this key is set, the value of the SecureLocalFiles key will be ignored. 0 (default) = Allow the use of NetBT. 1 = Do not allow the use of NetBT. |
.cms |
||
SecureFileAndPrint |
Whether to enable file and print sharing. If this key is set, the value of the SecureLocalFiles key will be ignored. 0 (default) = Enable. 1 = Disable. Files and print resources will not be shared. |
.cms |
||
DataEncrypt |
Whether to force data encryption. If the EncryptionType key is set, the value of the DataEncrypt key is ignored. 0 (default for dial-up entries) = Do not encrypt data. 1 (default for VPN entries) = Encrypt data. |
CMAK |
||
EncryptionType |
Which encryption level is to be used. 0 = None. 1 (default for VPN) = Require. 3 (default for dial-up) = Optional. |
CMAK |
||
DontNegotiateMultilink |
Whether to allow multilinking. 0 (default) = Allow multilink. 1 = Do not allow multilink. |
.cms |
||
DontUseRasCredentials |
Whether to cache the user's credentials in Stored User Names and Passwords for use when accessing resources after logging onto the network. 0 (default) = Cache and use credentials. 1 = Do not cache and use credentials. |
.cms |
||
NetworkLogon |
Whether to log on to the network. 0 = Do not log on. This is the default for dial-up connections. 1 = Log on. This is the default for VPN connections. |
CMAK |
||
SW_Compress |
Whether to negotiate PPP software compression of data. 0 = Do not negotiate. 1 (default) = Negotiate. |
.cms |
||
Disable_LCP |
Whether to enable Link Control Protocol (LCP) extensions. 0 (default) = Enable. 1 = Disable. |
.cms |
||
PW_Encrypt |
Whether to encrypt a password when authenticating. 0 (default) = Do not encrypt. 1 = Encrypt. |
CMAK |
||
PW_EncryptMS |
Whether to require MS-CHAP version 1 for this connection. 0 = Do not require MS-CHAP v1. 1 = Require MS-CHAP v1. |
CMAK |
||
Negotiate_TCP/IP |
Whether to negotiate TCP/IPv4. 0 = Do not negotiate. 1 (default) = Negotiate. |
.cms |
||
Negotiate_TCP/IPv6 |
Whether to negotiate TCP/IPv6. 0 = Do not negotiate. 1 (default) = Negotiate. |
.cms |
||
Negotiate_IPX |
Whether to negotiate the IPX protocol. 0 (default) = Do not negotiate. 1 = Negotiate. Note: The IPX/SPX protocol is not available on the 64-bit versions of Windows XP or Windows Server 2003 family, or on Windows Vista or later versions of Windows. |
.cms |
||
Negotiate_NetBEUI |
Whether to negotiate the NetBIOS extended user interface (NetBEUI) protocol. 0 (default) = Do not negotiate. 1 = Negotiate |
.cms |
||
Require_PAP |
Whether Password Authentication Protocol (PAP) is allowed. 0 (default) = Not allowed. 1 = Allowed. |
CMAK |
||
Require_SPAP |
Whether SPAP is allowed. 0 (default) = Not allowed. 1 = Allowed. |
CMAK |
||
Require_EAP |
Whether Extensible Authentication Protocol (EAP) is allowed. 0 (default) = Not allowed. 1 = allowed. |
CMAK |
||
Require_CHAP |
Whether Challenge Handshake Authentication Protocol (CHAP) is allowed. 0 = Not allowed. 1 (default) = Allowed. |
CMAK |
||
Require_MSCHAP |
Whether MSCHAP is allowed. 0 = Not allowed. 1 (default) = Allowed.
|
CMAK |
||
Require_MSCHAP2 |
Whether MSCHAP2 is allowed. 0 = Not allowed. 1 (default) = Allowed. |
CMAK |
||
Custom_Security |
Applies specific security settings on computers. 0 = Use standard configuration. 1 (default) = Use custom configuration. |
CMAK |
||
CustomAuthKey |
The ID of the Extensible Authentication Protocol (EAP) to be used with this connection. The format is CustAuthKey=ID, where ID is the Internet Assigned Numbers Authority (IANA) ID for the EAP. If no ID is specified, no attempt will be made to read the CustomAuthData value. |
CMAK |
||
CustomAuthData# |
The configuration data for the EAP. The format is CustomAuthData#=EAPConfigurationData, where # is the number of the specific line of data, for example: CustomAuthData0=1AFGKLMOFGH23K Each line can contain a maximum of 128 characters. If the ID has more than 128 characters, it must be specified as multiple lines, incrementing the # for each line of data. For example: CustomAutData0=First128Characters CustomAuthData1=Next128Characters CustomAuthData2=FinalCharacters |
CMAK |
||
EnforceCustomSecurity |
Whether to enforce the user to select a phone book entry that includes support for advanced security settings. 0 = Do not enforce phone book entry selection. 1 (default) = Enforce selection of phone book entries that support advanced security settings. |
CMAK |
||
DisableNbtOverIP |
Whether to disable the NetBT routing protocol for this connection. 0 (default) = Do not disable NetBT. 1 = Leave NetBT enabled. |
.cms |
||
[TCP/IP&TunnelDUN] |
TCP/IP configuration to be used for all VPN connections. In this section title, TunnelDUN is the value of the TunnelDUN key in the [Connection Manager] section, for example, [TCP/IP&Awesome1 Tunnel]. This section uses the same format as the [TCP/IP&EntryName] section, including all keys valid under that section. This section is created by the CMAK wizard, but the keys can be edited in the .cms file. |
CMAK .cms |
||
[TCP/IP&EntryName] |
Configuration where EntryName is the name of the dial-up entry, for example: [TCP/IP&Awesome1]. |
CMAK .cms |
||
Specify_IP_Address |
Whether to specify a static IP address. 0 (default) = Do not specify. 1 = Specify. |
.cms |
||
IP_Address |
Static IP addresses. |
.cms |
||
Specify_Server_Address |
Whether to specify static IPv4 addresses for DNS or Windows Internet Name Service (WINS) servers. 0 (default) = Do not specify. 1 = Specify. |
CMAK |
||
IPv6_Specify_Server_Address |
Whether to specify static IPv6 addresses for DNS servers. 0 (default) = Do not specify. 1 = Specify. |
CMAK |
||
DNS_Address |
Primary IPv4 DNS server address. |
CMAK |
||
IPv6_DNS_Address |
Primary IPv6 DNS server address. |
CMAK |
||
DNS_Alt_Address |
Alternate IPv4 DNS address. |
CMAK |
||
IPv6_DNS_Alt_Address |
Alternate IPv6 DNS address. |
CMAK |
||
WINS_Address |
WINS address. |
CMAK |
||
WINS_Alt_Address |
Alternate WINS address. |
CMAK |
||
IP_Header_Compress |
Whether to enable IP header compression. 0 = Not enabled. 1 (default) = Enabled. |
CMAK |
||
Gateway_On_Remote |
Whether to use the IPv4 default gateway on the remote private network. 0 = Do not use. 1 (default) = Use. |
CMAK |
||
IPv6_Gateway_On_Remote |
Whether to use the IPv6 default gateway on the remote private network. 0 = Do not use. 1 (default) = Use. |
CMAK |
||
DNSSuffix |
DNS suffix to use for the connection. |
.cms |
||
TcpWindowSize |
Sets the size (expressed in bytes) of the window offered by the connection. Number of bytes of information to send before expecting a return packet. Minimum value is 4,096; maximum value is 65,500. If this key is not set, the default window size for the operating system and the connection type will be used. |
.cms |
||
[Networking&TunnelDUN] |
The single configuration to be used for all VPN connections. In this section title, TunnelDUN is the value of the TunnelDUN key in the [Connection Manager] section, for example, [Networking&Awesome1 Tunnel]. |
CMAK |
||
VpnStrategy |
Which tunneling protocol to use when establishing a VPN connection. Note This setting is compatible only with computers that are running Windows XP or later. To use SSTP on computers that are running Windows Vista with Service Pack 1 (SP1) or later, use VpnStrategy2 instead. To use IKEv2 on a computer that is running Windows 7 or Windows Server 2008 R2, use VpnStrategy3 instead.
1 = Use PPTP only. 2 = Try PPTP first. 3 = Use L2TP only. 4 = Try L2TP first. |
CMAK |
||
VpnStrategy2 |
Which tunneling protocol to use when establishing a VPN connection. Note This setting is compatible only with computers that are running Windows Vista with Service Pack 1 (SP1) or later. It is ignored on computers that are running earlier versions of Windows. To use IKEv2 on a computer that is running Windows 7 or Windows Server 2008 R2, use VpnStrategy3 instead.
1 = Use PPTP only. 2 = Try PPTP first. 3 = Use L2TP only. 4 = Try L2TP first. 5 = Use SSTP only. 6 = Try SSTP first. |
CMAK |
||
VpnStrategy3 |
Which tunneling protocol to use when establishing a VPN connection. Note This setting is compatible only with computers that are running Windows 7 or Windows Server 2008 R2. It is ignored on computers that are running earlier versions of Windows. A client that can use this key always reads VpnStrategy3 first and uses it if present. If it VpnStrategy is not present, then it tries VpnStrategy2, if that is not present, it then uses VpnStrategy.
1 = Use PPTP only. 2 = Try PPTP first. 3 = Use L2TP only. 4 = Try L2TP first. 5 = Use SSTP only. 6 = Try SSTP first. 7 = Use IKEv2 only. 8 = Try IKEv2 first. |
CMAK |
||
DisableIKENameEkuCheck |
Valid for IKEv2 connections only. Disables the check for extended key usage (EKU) attributes in the server authentication certificate. Note This setting is compatible only with computers that are running Windows 7 or Windows Server 2008 R2. It is ignored on computers that are running earlier versions of Windows.
0 = Check the server authentication certificate for proper EKU attributes. 1 = Do not check the server authentication certificate for proper EKU attributes. |
.cms |
||
DisableMobility |
Valid for IKEv2 connections only. Disables the automatic switch of an IKEv2 connection to another interface if the connection on the original interface is interrupted. Note This setting is compatible only with computers that are running Windows 7 or Windows Server 2008 R2. It is ignored on computers that are running earlier versions of Windows.
0 = Automatically switch the IKEv2 connection to another interface if the connection on the original interface is interrupted. 1 = Do not automatically switch the IKEv2 connection to another interface if the connection on the original interface is interrupted. |
.cms |
||
NetworkOutageTime |
Valid for IKEv2 connections only. Specifies the time (in minutes) for which an IKEv2 connection can remain dormant. A dormant connection is one on which the IKEv2 tunnel is lost on the original interface and there is not another interface on which the client can reestablish the tunnel. If the tunnel cannot be reestablished within the specified number of minutes, then the connection is dropped. Note This setting is compatible only with computers that are running Windows 7 or Windows Server 2008 R2. It is ignored on computers that are running earlier versions of Windows.
|
.cms |
||
UsePreSharedKey |
Whether to use a preshared key for L2TP/IPSec authentication. 0 (default) = Do not use a pre-shared key. 1 = Use a pre-shared key. |
CMAK |
||
VPNEntry |
Specifies to CMAK whether the entry is a VPN entry and not a dial-up entry. 0 = Dial-up entry. 1 = VPN entry. |
CMAK |
||
[Scripting&EntryName] |
Location (path and file name) of the script (.scp) file, where EntryName is the name of the dial-up entry, for example: [Scripting&Awesome1]. |
CMAK |
||
Name |
Location (including path and file name) of the script (.scp) file for the dial-up entry. |
CMAK |
||
UseTerminalWindow |
Whether to use a terminal window when connecting to a service. 0 (default) = Do not use a terminal window. 1 = Use a terminal window. |
.cms |
.gif)
Note