In the fast-paced world of networking, the ability to connect remotely to different networks is no longer a luxury but a necessity. For years, Microsoft’s Connection Manager Administration Kit (CMAK) has been a vital tool in this arena. Although deprecated after Windows Server 2012 and Windows 8, this tool remains an essential part of networking history and still holds relevance for certain use-cases today. This article will provide a deep dive into CMAK, focusing mainly on its more recent versions while giving a nod to its historical background.
In this article:
- What is the Connection Manager Administration Kit (CMAK)?
- Installing CMAK
- Run the CMAK Wizard to Create a Connection Profile
- How CMAK Evolved Over Time
- Alternatives to CMAK
- References and Further Reading
1. What is the Connection Manager Administration Kit (CMAK)?
First off, let’s tackle the basics. The Connection Manager Administration Kit, commonly known as CMAK, is a Microsoft tool. It focuses on creating customizable network connectivity solutions. Specifically, it allows users to connect remotely to various types of networks. These can be anything from Internet service providers (ISPs) to corporate networks safeguarded by VPN servers.
The Connection Manager Administration Kit (CMAK) is a tool that you can use to customize the remote connection experience for users on your network by creating pre-defined connections to remote servers and networks. To create and customize a connection for your users, you use the CMAK wizard.
Lastly, let’s break it down. CMAK consists of multiple components. One main component is the Connection Manager (CM).
Now, a quick journey back in time. Believe it or not, CMAK has been around since the days of Windows 2000. However, it gained more features and became more refined with each new version of Windows. By the time we reached Windows Server 2012 and Windows 8, the tool was comprehensive but eventually deprecated.
2. Installing CMAK?
CMAK isn’t part of the default installation package, so you’ll need to manually install it if you want to create connection profiles for remote network access.
To perform this installation, you’ll need to have membership in the local Administrators group, or an equivalent level of access.
- Open Server Manager: Start by clicking on the Start menu. Next, go to Administrative Tools and then select Server Manager.
- User Account Control: If a User Account Control dialog box pops up, ensure that the displayed action aligns with your intent, and then click on ‘Continue.’
- Navigate to Features: Within Server Manager, locate the navigation pane on the side and click on ‘Features.’
- Select CMAK: From the list of available features, find and select ‘Connection Manager Administration Kit.’ Then click ‘Next.’
- Confirm and Install: You’ll land on a page titled ‘Confirm Installation Selections.’ Here, go ahead and click ‘Install.’
- Check Installation: Once the installation finishes, you’ll be directed to the ‘Installation Results’ page. Confirm the installation’s success and click ‘Close.’
3. Run the CMAK Wizard to Create a Connection Profile
With the CMAK wizard, configuring a new or modifying an existing connection profile becomes a step-by-step process. Each page of the wizard guides you through another aspect of the setup.
Launching the CMAK Wizard:
- Access Server Manager: Click on the Start menu, head over to Administrative Tools, and then select Connection Manager Administration Kit. If you don’t see this option, you’ll need to install CMAK first.
- User Account Control: If prompted by a User Account Control dialog, verify the action and click ‘Continue.’
- Starting Point: Once the Welcome page appears, click ‘Next’ to proceed.
4. Target Operating System Selection
When you create a connection profile, you must specify the operating system that it supports. Connection Manager version 1.4 adds support for features that require Microsoft® Windows Vista® or Windows Server® 2008, or later on the client computer. Selecting the correct target operating system group ensures that the most appropriate features are available to the users of the profile.
|Windows Vista or Windows Server 2008
|Specifies that the profile includes features that can only be used on a computer running those operating systems
|Windows Server 2003, Windows XP, or Windows 2000
|Specifies that the profile includes only those features that can be used on any supported operating system, including Windows Vista and Windows
5. Connection Profile Creation or Modification
Each time you run the CMAK wizard, you create or modify a connection profile. You can create as many connection profiles as needed to support different specific remote network user groups.
|Specifies that you want to create a new connection profile.
|Specifies that you want to modify an existing connection profile. CMAK displays connection profiles that you created previously on this computer.
6. Service and File Name Specification
For each connection profile you create, you must specify a service name and a file name.
Important: Make sure that the service and file names are different from all other service and file names that you provide to your remote network users. If two connection profiles on the same computer have the same service or file name, the associated connection icons do not work correctly.
|Specifies the name that users see when looking at the list of connection profiles installed on their computers.
|Specifies the file name used to store the created connection profile. When editing an existing connection profile, if you do not want to write over the existing connection profile, you must change the file name.
7. Realm Name Entry
Realm names are used for network routing and authentication. They provide the identification necessary to forward authentication requests to the server that holds the user’s credentials. In Windows, this is often an Active Directory® Domain Services (AD DS)domain name. Realm information is only used for dial-up connections.
|Do not add a realm name to the user name
|Specifies that the connection profile sends the user name to the remote server exactly as typed.
|Add a realm name to the user name
|Specifies that the connection profile adds the realm name entered on this page to every user name before it is sent to the remote server for authentication.
|Realm name (include separator character)
|Specifies the text added to the user name before it is sent to the remote server for authentication.
|Before the user name
|Specifies that the realm name is to be prefixed to the user name. Commonly used when the ‘\’ character is the separator between realm and user name.
|After the user name
|Specifies that the realm name is to be suffixed to the user name. Commonly used when the ‘@’ character is the separator between user name and realm.
8. Merging Information from Other Profiles
If you have information in existing connection profiles that you need in the connection profile you are building, you can use the CMAK wizard to merge much of the information from existing profiles into the profile you are building. A profile that contains information from other connection profiles is called the top-level profile. A connection profile that has its information merged into another connection profile is called a component profile.
|Displays the list of all available connection profiles that contain settings that can be merged into the current profile.
|Profiles to be merged
|Displays the list of all connection profiles whose settings you selected to include in the current profile.
|Moves the selected connection profile in the Existing Profiles list to the Profiles to be merged list.
|Removes the selected connection profile from the Profiles to be merged list.
Select connection profiles from the left-hand list, and then click Add to move them to the right-hand list. Connection profiles in the right-hand list when the profile is compiled are merged into the current profile.
9. VPN Support Addition
A virtual private network (VPN) is an encrypted session between the client and the remote server to which it is connected. The remote server can act as a router, sending the packets received from the client on its public network adapter to a separate, secured network attached to a second, private network adapter. To specify that the connection is to be a VPN link to a remote server, select the appropriate check box at the top of the dialog box. Then enter the name or IP address of the VPN server, or supply a text file with a list of VPN server names or addresses from which the user can select.
|Phone book from this profile
|Specifies that the VPN connection can be completed by using any dial-up settings stored in the phone book associated with this connection profile.
|Phone books from the merged profiles
|Specifies that the VPN connection can be completed over any dial-up settings stored in the phone books associated with the merged connection profiles.
|Always use the same VPN server
|When selected, specifies the DNS name or IP address of the VPN to which the client is to connect.
|Allow the user to choose a VPN server before connecting
|When selected, specifies a text file that lists the VPN servers from which the users can choose. For more information about how the text file must be formatted, see https://go.microsoft.com/fwlink/?LinkId=80962 on the Microsoft Web site.
|Use the same user name and password for VPN and dial-up connections
|Specifies that if the user establishes this VPN connection over a dial-up network connection, that the same user name and password that grants access to the dial-up network also grants access to the VPN server.
If you check either the Phone book from this profile or the Phone books from the merged profiles check boxes to indicate that you do want VPN support in this connection profile, then the Create or Modify a VPN Entry page is included in the CMAK wizard after this page. If you do not check either of the top two check boxes, then the wizard pages for configuring VPN entries do not appear.
10. Custom Phone Book Inclusion
By using Phone Book Administrator, included with Connection Point Services (CPS), you can create a phone book file that contains a list of multiple access numbers to connect to a remote dial-up network. On the Add a Custom Phone Book wizard page, you include this phone book in your connection profile. If you provide access to the phone book file over the Internet, you can configure the profile to automatically download new versions of the phone book file whenever the client successfully connects by using this connection profile.
Note: You can specify that your users download the phone book the first time they connect using this profile by not including the phone book file name on this page. Select the Automatically download phone book updates check box, and then enter the phone book name and download location on the next wizard page.
|Phone book file
|Specifies the path to the phone book file you want included in the connection profile. If you know the path to the file you can enter it directly in the text box. Otherwise, click Browse, and then navigate to the file.
|Automatically download phone book updates
|Select this check box if you want the client to check for newer versions of the phone book file, and to update it whenever this connection profile successfully connects to the network. If selected, this setting causes the Specify an Automatic Phone Book Update Server page to appear next in the wizard.
|More access number text
|Specifies the text that appears in the label next to the list of phone numbers displayed on the client.
11. Dial-up Networking Entries Configuration
A dial-up phone number in the custom phone book you specified on the previous page is referred to as a Point of Presence (POP). Each POP that you create by using the Phone Book Administrator tool can specify a Dial-up Networking Entry on its Settings tab. If this setting matches an entry on the Configure Dial-up Networking Entries page of the CMAK wizard, then that dial-up networking entry is used to configure a client with an IP address, DNS and WINS servers, and security settings. If the setting in the phone book does not match one of the dial-up networking entries in the CMAK wizard, then the entry marked <Default> is used to configure that connection.
|Creates a new dial-up entry. The name should match the Dial-up Networking Entries field of the custom phone book supplied on the previous page of the CMAK wizard.
|Edits the currently selected dial-up networking entry.
|Deletes the currently selected dial-up networking entry. You cannot delete the <Default> entry.
12. Routing Table Updates
You can alter the client routing tables according to settings specified in a connection profile in order to better manage your network traffic and security. You can include a routing table update file in the connection profile; provide a URL to a server that is checked for updates, or both.
|Do not change the routing tables
|Specifies that the client routing tables are not changed when using this connection profile. The client computer has access to both the original set of networks as well as the remote network provided by this connection profile.
|Define a routing table update
|Specifies that the routing tables are updated during the connection process in the update file.
|Route file to include
|Specifies a routing table update file that is compiled into the connection profile and installed on the client computers with the connection profile.
|URL to a route file
|Specifies a routing table update file hosted on a Web server that is downloaded automatically and applied whenever the profile successfully connects.
|If this URL is unavailable, disconnect the client
|If checked, this specifies that the connection fails if the specified routing table update file cannot be downloaded.
13. Add Custom Actions
ou can enhance the connection experience for your users by providing additional programs that automatically start during the connection to your service. You can use the CMAK wizard to include custom actions in your connection profiles when users connect to your service. These custom actions can automatically start and use programs that users have already installed, or you can include the programs with your service profile.
|Filters the Custom actions list to only include actions of the selected type.
|The list of custom actions that are currently defined in the connection profile. Some might already be present due to your selections in previous pages of the wizard.
|Add a new custom action to the connection profile. For details, see the “New/Edit Custom Action” section of this topic.
|Edits an existing custom action. For details, see the “New/Edit Custom Action” section of this topic.
|Removes the selected custom action from the list.
New/Edit Custom Action dialog box
When you choose to add or edit a custom action, this dialog box allows you to configure the action.
|Specifies the name of this custom action.
|Program to run
|Specifies the command, executable program, dynamic-link library (DLL), or batch file to run to carry out this custom action. If the file is already present on the client computers, then specify the path to where the file is located. You can use environment variables such as %SystemRoot%.
|Specifies the required command-line options for the custom action.
|Specifies when, during the connection process, that the action is invoked. Options include:Pre-init
Pre-dial (for dial-up connections only)
Pre-tunnel (for virtual private network (VPN) connections only)
|Run this custom action for
|Specifies the condition under which the custom action is performed. Options include:All connections
All connections that involve dial-up
All connections that involve a tunnel
Connections that use only a tunnel
Connections that use only dial-up
|Include the custom action program with this service profile
|If the executable program for this action is not part of the standard deployment for your client computers, then you can include the file in the profile to be installed when the user installs the connection profile. The file is installed in the folder that contains the connection profile.
|Program interacts with the user
|Specifies that Connection Manager will only run the custom action if it is in an interactive state. If this check box is not selected and Connection Manager is in a non-interactive state, then a program called by the custom action that attempts to interact with the user will halt the connection process indefinitely, waiting for a response from the user.
|Specifies that the custom action requires the use of administrative privileges to complete. If User Account Control is enabled, selecting this check box causes Connection Manager to prompt the user for permission to continue (if the user is a member of the Administrators group), or for administrator credentials (if the user is not a member of the Administrators group).
14. Connection Profile and Installation Program Building
When you finish entering information and are ready for the CMAK wizard to build a connection profile, click Next. After the CMAK wizard builds the connection profile, a dialog box displays the folder and file name that were used to save the profile.
Warning: After you click Next on the Build the Connection Manager Profile and Its Installation Program page, the Back button is unavailable. To change the profile, you will have to run the CMAK wizard again.
|Specifies that you want to manually configure specific advanced settings in the connection profile configuration files before compiling the profile into an installer file.
After you finish, you can continue with manual advanced customization, including editing the .cms files and other service-profile files. Be sure to rerun the CMAK wizard after completing advanced customization to include the customized files in your connection profile installation program.
15. Advanced Customizations
The CMAK wizard supports most of the customization features that administrators need to build a custom Connection Manager connection profile. However, you can customize additional features by editing the connection profile files, thereby changing the manner in which Connection Manager handles specific functions.
|Specifies the name of the file you wish to modify. The choices in Section name change based on which file you select. You can modify the .cms or .cmp file associated with your connection profile.
|Specifies the section name containing a setting you want to modify. The choices in Key name change based on the section name you select.
|Specifies the individual setting you want to modify. When you select a key name, the current value assigned in the file is displayed in the Value text box.
|Specifies the value you want to assign to this configuration setting.
|Changes the value assigned to the key name in the section and file identified.
For more information please consult the Connection Manager Administration Kit Operations Guide – Developing custom elements (Microsoft Learn).
4. How CMAK Evolved Over Time
Initial Versions (Including Windows 2000)
Let’s rewind the clock. CMAK got its start in the Windows 2000 era. Back then, it was a simpler tool but set the groundwork for what was to come. The main focus was on dial-up connections, a necessity of that time.
Customization features include:
- Animated logon screen, which can include a custom logo
- Desktop icons
- The language the dialer displays to the customer
- Support numbers and help files
- Various connect actions that the dialer performs when dialing, such as shutting down applications or downloading files
Updates in Windows Server 2012 and Windows 8
Fast forward to Windows Server 2012 and Windows 8. These versions marked significant leaps. Features expanded, with greater emphasis on broadband and VPN connections. User interfaces became more intuitive, and backend services got more robust.
However, all good things must come to an end. Post-Windows Server 2012 and Windows 8, Microsoft deprecated CMAK. Why? Newer, more modern solutions emerged, rendering CMAK less crucial. Yet, it’s important to note that the tool still holds value for specific scenarios and legacy systems.
5. Alternatives to Connection Manager Administration Kit
As we all know, technology never stands still. Although CMAK has its merits, newer solutions have emerged that offer similar or enhanced capabilities. Let’s explore a few.
- OpenVPN: This open-source solution offers a high degree of customization and robust security features. Plus, it’s compatible with a wide range of operating systems.
- Cisco AnyConnect: Known for its strong security protocols, AnyConnect also provides a seamless user experience across devices and networks.
- Microsoft DirectAccess: Integrated into Windows, DirectAccess provides an automated, transparent connection to the corporate network.
- Azure Point-to-Site VPN: If you’re already in the Microsoft ecosystem, this Azure-based solution offers a cloud-centric approach to secure remote access.
Comparison with CMAK
Now, how do these stack up against CMAK?
- Customization: While CMAK excels in customization, OpenVPN matches it but offers better cross-platform support.
- Security: Cisco AnyConnect and Azure Point-to-Site VPN have the edge with modern security protocols.
- Ease of Use: DirectAccess and Azure Point-to-Site VPN offer more automated, user-friendly experiences.
- Legacy Support: CMAK still holds value for older systems, where newer solutions may not be viable.
» What is CMAK?
CMAK is a Microsoft toolkit for creating customizable remote access solutions.
» Is CMAK still supported?
It has been deprecated post-Windows Server 2012 and Windows 8 but may still work on older systems.
» Can I use CMAK for a VPN?
Yes, it can be used to create VPN connections, among other types.
» What are some alternatives to CMAK?
Modern alternatives include OpenVPN, Cisco AnyConnect, Microsoft DirectAccess, and Azure Point-to-Site VPN.