I setup VPN’s this morning on an SBS 2003 server.
Was quite simple to be honest. Enable the Routing and Remote Access service in SBS2003, open up port 1723 on the router (Zyxel Prestige 660RU-T1) am using NAT so had to port forward, then setup specific users for VPN access. I elected to use a seperate user for the VPN access to add an extra layer of protection.
All looking good so far!
Setting up the “Routing and…” was the trickiest, cos i had to find it first.
On SBS 2003 i was looking for the PPTP protocol to install in the Network Properties, but it wasnt present. I was all “bugger, this will have to wait” but after some poking around, i found the “Routing and Remote Access” option in the Administrative Tools area.
That then had to be enabled.
Once it was it was a case of allowing a user through. To do this in SBS 2003 I needed to create the new user.
For an added layer of security I am using a seperate user to authenticate for the VPN than the user used to login to the server.
I elected to go through the Active Directory area to do this as opposed to the Server Management console, no reason, i just happened to have AD open at the time. I didnt give them an exchange mailbox. When they were added, i went in the Users area in the Server Management console, right clicked the user i created, then went to the Dial In area. I selected the “Allow” option in this.
It is of course possible to use a group policy to do all this for a specific user group, but i dont know how to do this yet! 
