How to remove the Routing functionality of Windows 2003

Is it possible to remove the Routing functionality in Windows 2003 EE? I
know that it can be enabled or disabled. I still need Remote Access
available.
--
LER
The problem with new experiences is that they are so rarely the ones you
choose. - Calvin (of Calvin&Hobbes)

In news:63831D4A-95B8-44E3-952B-(E-Mail Removed),
RamseyHere <(E-Mail Removed)> stated, which I commented
on below:
> Is it possible to remove the Routing functionality in Windows 2003
> EE? I know that it can be enabled or disabled. I still need Remote
> Access available.

If RRAS disabled, then it will not route. If RRAS is enabled, and you only
have one NIC (such as for VPN only authentication), then it will not route
either. If it has two NICs and RRAS and you can also choose to not route.

Maybe if you can elaborate on *exactly* what you are trying to accomplish or
configure, I'm sure we can probably offer you a solution.

--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...

I have a server with two NICs attached to two networks. One NIC is on a
corporate network, and will be configured with gateway and DNS addresses.
The second NIC is connected to a "private" network inside a central complex
(this is a management server for that complex). This NIC will not have a
gateway or DNS configured. It will have entries in its HOST file for the
four or five machines it needs to see on this private network.

The issue is that the network auditors are concerned that someone could get
into the server and turn on Routing. We would have Routing disabled, but I
wanted to go one step further and remove the service from the machine. I
know that in Windows 2000 you could selecetively install Routing. I was
hoping for the same type of feature here.
--
LER
The problem with new experiences is that they are so rarely the ones you
choose. - Calvin (of Calvin&Hobbes)


"Ace Fekay [MVP]" wrote:

> In news:63831D4A-95B8-44E3-952B-(E-Mail Removed),
> RamseyHere <(E-Mail Removed)> stated, which I commented
> on below:
> > Is it possible to remove the Routing functionality in Windows 2003
> > EE? I know that it can be enabled or disabled. I still need Remote
> > Access available.
>
> If RRAS disabled, then it will not route. If RRAS is enabled, and you only
> have one NIC (such as for VPN only authentication), then it will not route
> either. If it has two NICs and RRAS and you can also choose to not route.
>
> Maybe if you can elaborate on *exactly* what you are trying to accomplish or
> configure, I'm sure we can probably offer you a solution.
>
> --
> Ace
> Innovative IT Concepts, Inc (IITCI)
> Willow Grove, PA
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Having difficulty reading or finding responses to your post?
> Instead of the website you're using, I suggest to use OEx (Outlook Express
> or any other newsreader), and configure a news account, pointing to
> news.microsoft.com. This is a direct link to the Microsoft Public
> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
> to easily find, track threads, cross-post, sort by date, poster's name,
> watched threads or subject.
> It's easy:
>
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Infinite Diversities in Infinite Combinations
> Assimilation Imminent. Resistance is Futile
> "Very funny Scotty. Now, beam down my clothes."
>
> The only constant in life is change...
>
>
>

It is not going to act as a router unless you specifically configure RRAS to act
as a router.

RRAS *is* the routing service or at least runs on top of it. The "naked" OS can
do routing if you hack the thing up to make it work like NT4 did without
RRAS,...but it certainly isn't going to do it "by accident".

Things were no different in Windows2000, nothing has changed. You misunderstand
the situation if you don't think that is true. Win2000 through Win2003 all work
the same way and use RRAS the same way. It was NT4 that could easily act as a
router without having RRAS,...in fact RRAS had not been invented yet,...that
came later on and you had to download RRAS separately and install it into NT4.
Originally NT4 had only RAS (not RRAS) and they were not the same thing.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed (as annoying as they are, and as stupid as they sound), are
my own and not those of my employer, or Microsoft, or anyone else associated
with me, including my cats.
-----------------------------------------------------

"RamseyHere" <(E-Mail Removed)> wrote in message
news:4E92C5C4-38E3-4391-9274-(E-Mail Removed)...
>I have a server with two NICs attached to two networks. One NIC is on a
> corporate network, and will be configured with gateway and DNS addresses.
> The second NIC is connected to a "private" network inside a central complex
> (this is a management server for that complex). This NIC will not have a
> gateway or DNS configured. It will have entries in its HOST file for the
> four or five machines it needs to see on this private network.
>
> The issue is that the network auditors are concerned that someone could get
> into the server and turn on Routing. We would have Routing disabled, but I
> wanted to go one step further and remove the service from the machine. I
> know that in Windows 2000 you could selecetively install Routing. I was
> hoping for the same type of feature here.
> --
> LER
> The problem with new experiences is that they are so rarely the ones you
> choose. - Calvin (of Calvin&Hobbes)
>
>
> "Ace Fekay [MVP]" wrote:
>
>> In news:63831D4A-95B8-44E3-952B-(E-Mail Removed),
>> RamseyHere <(E-Mail Removed)> stated, which I commented
>> on below:
>> > Is it possible to remove the Routing functionality in Windows 2003
>> > EE? I know that it can be enabled or disabled. I still need Remote
>> > Access available.
>>
>> If RRAS disabled, then it will not route. If RRAS is enabled, and you only
>> have one NIC (such as for VPN only authentication), then it will not route
>> either. If it has two NICs and RRAS and you can also choose to not route.
>>
>> Maybe if you can elaborate on *exactly* what you are trying to accomplish or
>> configure, I'm sure we can probably offer you a solution.
>>
>> --
>> Ace
>> Innovative IT Concepts, Inc (IITCI)
>> Willow Grove, PA
>>
>> This posting is provided "AS-IS" with no warranties or guarantees and
>> confers no rights.
>>
>> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
>> Microsoft MVP - Directory Services
>> Microsoft Certified Trainer
>>
>> Having difficulty reading or finding responses to your post?
>> Instead of the website you're using, I suggest to use OEx (Outlook Express
>> or any other newsreader), and configure a news account, pointing to
>> news.microsoft.com. This is a direct link to the Microsoft Public
>> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
>> to easily find, track threads, cross-post, sort by date, poster's name,
>> watched threads or subject.
>> It's easy:
>>
>> How to Configure OEx for Internet News
>> http://support.microsoft.com/?id=171164
>>
>> Infinite Diversities in Infinite Combinations
>> Assimilation Imminent. Resistance is Futile
>> "Very funny Scotty. Now, beam down my clothes."
>>
>> The only constant in life is change...
>>
>>
>>

Thanks to all for your answers. The customer was concerned about someone
"hacking" in and turning the routing on. I believe we can prevent this.
--
LER
The problem with new experiences is that they are so rarely the ones you
choose. - Calvin (of Calvin&Hobbes)


"Phillip Windell" wrote:

> It is not going to act as a router unless you specifically configure RRAS to act
> as a router.
>
> RRAS *is* the routing service or at least runs on top of it. The "naked" OS can
> do routing if you hack the thing up to make it work like NT4 did without
> RRAS,...but it certainly isn't going to do it "by accident".
>
> Things were no different in Windows2000, nothing has changed. You misunderstand
> the situation if you don't think that is true. Win2000 through Win2003 all work
> the same way and use RRAS the same way. It was NT4 that could easily act as a
> router without having RRAS,...in fact RRAS had not been invented yet,...that
> came later on and you had to download RRAS separately and install it into NT4.
> Originally NT4 had only RAS (not RRAS) and they were not the same thing.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
> The views expressed (as annoying as they are, and as stupid as they sound), are
> my own and not those of my employer, or Microsoft, or anyone else associated
> with me, including my cats.
> -----------------------------------------------------
>
> "RamseyHere" <(E-Mail Removed)> wrote in message
> news:4E92C5C4-38E3-4391-9274-(E-Mail Removed)...
> >I have a server with two NICs attached to two networks. One NIC is on a
> > corporate network, and will be configured with gateway and DNS addresses.
> > The second NIC is connected to a "private" network inside a central complex
> > (this is a management server for that complex). This NIC will not have a
> > gateway or DNS configured. It will have entries in its HOST file for the
> > four or five machines it needs to see on this private network.
> >
> > The issue is that the network auditors are concerned that someone could get
> > into the server and turn on Routing. We would have Routing disabled, but I
> > wanted to go one step further and remove the service from the machine. I
> > know that in Windows 2000 you could selecetively install Routing. I was
> > hoping for the same type of feature here.
> > --
> > LER
> > The problem with new experiences is that they are so rarely the ones you
> > choose. - Calvin (of Calvin&Hobbes)
> >
> >
> > "Ace Fekay [MVP]" wrote:
> >
> >> In news:63831D4A-95B8-44E3-952B-(E-Mail Removed),
> >> RamseyHere <(E-Mail Removed)> stated, which I commented
> >> on below:
> >> > Is it possible to remove the Routing functionality in Windows 2003
> >> > EE? I know that it can be enabled or disabled. I still need Remote
> >> > Access available.
> >>
> >> If RRAS disabled, then it will not route. If RRAS is enabled, and you only
> >> have one NIC (such as for VPN only authentication), then it will not route
> >> either. If it has two NICs and RRAS and you can also choose to not route.
> >>
> >> Maybe if you can elaborate on *exactly* what you are trying to accomplish or
> >> configure, I'm sure we can probably offer you a solution.
> >>
> >> --
> >> Ace
> >> Innovative IT Concepts, Inc (IITCI)
> >> Willow Grove, PA
> >>
> >> This posting is provided "AS-IS" with no warranties or guarantees and
> >> confers no rights.
> >>
> >> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> >> Microsoft MVP - Directory Services
> >> Microsoft Certified Trainer
> >>
> >> Having difficulty reading or finding responses to your post?
> >> Instead of the website you're using, I suggest to use OEx (Outlook Express
> >> or any other newsreader), and configure a news account, pointing to
> >> news.microsoft.com. This is a direct link to the Microsoft Public
> >> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
> >> to easily find, track threads, cross-post, sort by date, poster's name,
> >> watched threads or subject.
> >> It's easy:
> >>
> >> How to Configure OEx for Internet News
> >> http://support.microsoft.com/?id=171164
> >>
> >> Infinite Diversities in Infinite Combinations
> >> Assimilation Imminent. Resistance is Futile
> >> "Very funny Scotty. Now, beam down my clothes."
> >>
> >> The only constant in life is change...
> >>
> >>
> >>
>
>
>

"RamseyHere" <(E-Mail Removed)> wrote in message
news:25A4D323-E63E-493E-97C4-(E-Mail Removed)...
> Thanks to all for your answers. The customer was concerned about someone
> "hacking" in and turning the routing on. I believe we can prevent this.

If someone hacked it to the point where they could reach that machine in such a
way to be able to do that,..two things:
1. That machine isn't going to be the hacker's target
2. They have bigger things to worry about than that machine

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed (as annoying as they are, and as stupid as they sound), are
my own and not those of my employer, or Microsoft, or anyone else associated
with me, including my cats.
-----------------------------------------------------

In news:(E-Mail Removed),
Phillip Windell <@.> stated, which I commented on below:
> If someone hacked it to the point where they could reach that machine
> in such a way to be able to do that,..two things:
> 1. That machine isn't going to be the hacker's target
> 2. They have bigger things to worry about than that machine

I agree. If they got that far with it, then the machine would be toast.

Ace