Virtual Private Networks seem to be on the rise, with workers telecommuting or requiring access while on the road it makes sense. Setting up a VPN server is not too difficult, however, deploying the settings to users who are not in the office often, if ever, can be difficult. For this we have the Connection Manager Administrator Kit, aka CMAK.
With CMAK we can quickly and easily create VPN connectiods with all the required settings that end users can easily install on their systems. CMAK is not installed by default so you will need to install it from Add/Remove Programs | Add/Remove Windows Components | Management and Monitoring Tools | Connection Manager Administrator Kit. Once installed click Start and point to Administrative Tools, and click on Connection Manager Administration Kit. Click Next to continue. (FYI, rather than write a book on CMAK I skipped a few screenshots)
Select to create a new profile and click Next. You will be prompted for the Service name and the File name. The service name is what will be displayed on the end users computer under Network and Dial-Up Connections. The file name is the name of the executable that will be created at the end.
Next you will be asked to supply an optional Realm name. A realm name is not normally required if you are connecting directly to the VPN server, however it maybe necessary when accessing from a 3rd party network that uses RADIUS.
If you have previously created a CMAK profile, you can merge it into the one you are creating.
Next we will specify the address of the VPN server. We need to check the Phone Book from this profile box to create a new phone book. You can also specify the VPN server or servers to connect to.
The VPN Entries screen will allow you to configure TCP/IP and security settings.
Click Edit to review these settings. On the General tab we can enable/disable file and printer sharing and enable/disable clients to log on to the network. The TCP/IP Settings tab allows us to specify the TCP/IP properties and the Security tab allows us to configure the security options. Click OK to return to the VPN Entries screen and click Next. Here we can specify where to get Phone Book updates from.
Phone books are part of the Phone Book Administrator Service. If you arent running the Phone book service uncheck the Automatically download phone book updates checkbox. Otherwise enter the name and location of the Phone Book. If you need to specify Dial-Up settings you can do so on the Dial-Up Networking Entries screen. If you are configuring VPN client who will always be connecting from broadband connections you can skip this, otherwise click Edit and enter the dial-up settings. Next you will be given the option to provide custom routing tables. The default setting is to have the VPN client connect to all non-directly connected networks via the VPN interface. However, if you do not configure the VPN client to use the VPN connection as its default gateway, then you can create a custom routing table to allow the VPN client to access all subnets on the internal network.
You can use the settings on the Automatic Proxy Configuration page to force VPN clients to use the VPN server as its Proxy server. The VPN connectoid can be configured to force the VPN client to be a Proxy client and enforce your firewall policies on the VPN client while connected to the internal network. If you specify a custom Proxy settings check the box to Restore the user's previous proxy settings after disconnecting. On the Custom Actions page you can specify programs to start automatically before, after or during the VPN connection, including login scripts and if you are using the new Remote Access Quarantine feature of Windows Server 2003 SP1, here is where you would configure the validation script.
The next 3 screens allow us to specify custom images for the Logon screen, Phone Book screen and a custom icon for the Connection Manager user interface. Next you can specify custom commands for the shortcut menu for the taskbar icon, a custom help file and a support number the end user can call if they have any troubles. You can also include Connection Manager 1.3 with the package in case the end users computer is missing it or has not been upgraded yet.
The final few options allow you to specify a License Agreement, any additional files required (like the validation script for RAQ or other scripts called on by the Custom Actions specified), and some additional customizations you may or may not want to specify. When complete click Finish to end the wizard and build your VPN installation package.
The VPN installation package will be located in C:\Program Files\CMAK\Profiles\{profilename}
Copy these files to a floppy, CD-Rom, USB disk or email to the end user. Have them run the executable to configure the VPN connectoid on their computer. 
For more information see:
Resource Kit