Connection Manager Administration Kit (CMAK)

Last Edited



, ,

In the fast-paced world of networking, the ability to connect remotely to different networks is no longer a luxury but a necessity. For years, Microsoft’s Connection Manager Administration Kit (CMAK) has been a vital tool in this arena. Although deprecated after Windows Server 2012 and Windows 8, this tool remains an essential part of networking history and still holds relevance for certain use-cases today. This article will provide a deep dive into CMAK, focusing mainly on its more recent versions while giving a nod to its historical background.

In this article:

  1. What is the Connection Manager Administration Kit (CMAK)?
  2. Installing CMAK
  3. Run the CMAK Wizard to Create a Connection Profile
  4. How CMAK Evolved Over Time
  5. Alternatives to CMAK
  6. FAQs
  7. References and Further Reading

1. What is the Connection Manager Administration Kit (CMAK)?

First off, let’s tackle the basics. The Connection Manager Administration Kit, commonly known as CMAK, is a Microsoft tool. It focuses on creating customizable network connectivity solutions. Specifically, it allows users to connect remotely to various types of networks. These can be anything from Internet service providers (ISPs) to corporate networks safeguarded by VPN servers.

The Connection Manager Administration Kit (CMAK) is a tool that you can use to customize the remote connection experience for users on your network by creating pre-defined connections to remote servers and networks. To create and customize a connection for your users, you use the CMAK wizard.

Lastly, let’s break it down. CMAK consists of multiple components. One main component is the Connection Manager (CM).


Now, a quick journey back in time. Believe it or not, CMAK has been around since the days of Windows 2000. However, it gained more features and became more refined with each new version of Windows. By the time we reached Windows Server 2012 and Windows 8, the tool was comprehensive but eventually deprecated.

2. Installing CMAK?

CMAK isn’t part of the default installation package, so you’ll need to manually install it if you want to create connection profiles for remote network access.

To perform this installation, you’ll need to have membership in the local Administrators group, or an equivalent level of access.

Installation Steps:

  1. Open Server Manager: Start by clicking on the Start menu. Next, go to Administrative Tools and then select Server Manager.
  2. User Account Control: If a User Account Control dialog box pops up, ensure that the displayed action aligns with your intent, and then click on ‘Continue.’
  3. Navigate to Features: Within Server Manager, locate the navigation pane on the side and click on ‘Features.’
  4. Select CMAK: From the list of available features, find and select ‘Connection Manager Administration Kit.’ Then click ‘Next.’
  5. Confirm and Install: You’ll land on a page titled ‘Confirm Installation Selections.’ Here, go ahead and click ‘Install.’
  6. Check Installation: Once the installation finishes, you’ll be directed to the ‘Installation Results’ page. Confirm the installation’s success and click ‘Close.’

3. Run the CMAK Wizard to Create a Connection Profile

With the CMAK wizard, configuring a new or modifying an existing connection profile becomes a step-by-step process. Each page of the wizard guides you through another aspect of the setup.

Launching the CMAK Wizard:

  1. Access Server Manager: Click on the Start menu, head over to Administrative Tools, and then select Connection Manager Administration Kit. If you don’t see this option, you’ll need to install CMAK first.
  2. User Account Control: If prompted by a User Account Control dialog, verify the action and click ‘Continue.’
  3. Starting Point: Once the Welcome page appears, click ‘Next’ to proceed.

4. Target Operating System Selection

When you create a connection profile, you must specify the operating system that it supports. Connection Manager version 1.4 adds support for features that require Microsoft® Windows Vista® or Windows Server® 2008, or later on the client computer. Selecting the correct target operating system group ensures that the most appropriate features are available to the users of the profile.

Windows Vista or Windows Server 2008Specifies that the profile includes features that can only be used on a computer running those operating systems
Windows Server 2003, Windows XP, or Windows 2000Specifies that the profile includes only those features that can be used on any supported operating system, including Windows Vista and Windows

5. Connection Profile Creation or Modification

Each time you run the CMAK wizard, you create or modify a connection profile. You can create as many connection profiles as needed to support different specific remote network user groups.

New profileSpecifies that you want to create a new connection profile.
Existing profileSpecifies that you want to modify an existing connection profile. CMAK displays connection profiles that you created previously on this computer.

6. Service and File Name Specification

For each connection profile you create, you must specify a service name and a file name.

Important: Make sure that the service and file names are different from all other service and file names that you provide to your remote network users. If two connection profiles on the same computer have the same service or file name, the associated connection icons do not work correctly.

Service nameSpecifies the name that users see when looking at the list of connection profiles installed on their computers.
File nameSpecifies the file name used to store the created connection profile. When editing an existing connection profile, if you do not want to write over the existing connection profile, you must change the file name.

7. Realm Name Entry

Realm names are used for network routing and authentication. They provide the identification necessary to forward authentication requests to the server that holds the user’s credentials. In Windows, this is often an Active Directory® Domain Services (AD DS)domain name. Realm information is only used for dial-up connections.

Do not add a realm name to the user nameSpecifies that the connection profile sends the user name to the remote server exactly as typed.
Add a realm name to the user nameSpecifies that the connection profile adds the realm name entered on this page to every user name before it is sent to the remote server for authentication.
Realm name (include separator character)Specifies the text added to the user name before it is sent to the remote server for authentication.
Before the user nameSpecifies that the realm name is to be prefixed to the user name. Commonly used when the ‘\’ character is the separator between realm and user name.
After the user nameSpecifies that the realm name is to be suffixed to the user name. Commonly used when the ‘@’ character is the separator between user name and realm.

8. Merging Information from Other Profiles

If you have information in existing connection profiles that you need in the connection profile you are building, you can use the CMAK wizard to merge much of the information from existing profiles into the profile you are building. A profile that contains information from other connection profiles is called the top-level profile. A connection profile that has its information merged into another connection profile is called a component profile.

Existing profilesDisplays the list of all available connection profiles that contain settings that can be merged into the current profile.
Profiles to be mergedDisplays the list of all connection profiles whose settings you selected to include in the current profile.
AddMoves the selected connection profile in the Existing Profiles list to the Profiles to be merged list.
RemoveRemoves the selected connection profile from the Profiles to be merged list.

Select connection profiles from the left-hand list, and then click Add to move them to the right-hand list. Connection profiles in the right-hand list when the profile is compiled are merged into the current profile.

9. VPN Support Addition

virtual private network (VPN) is an encrypted session between the client and the remote server to which it is connected. The remote server can act as a router, sending the packets received from the client on its public network adapter to a separate, secured network attached to a second, private network adapter. To specify that the connection is to be a VPN link to a remote server, select the appropriate check box at the top of the dialog box. Then enter the name or IP address of the VPN server, or supply a text file with a list of VPN server names or addresses from which the user can select.

Phone book from this profileSpecifies that the VPN connection can be completed by using any dial-up settings stored in the phone book associated with this connection profile.
Phone books from the merged profilesSpecifies that the VPN connection can be completed over any dial-up settings stored in the phone books associated with the merged connection profiles.
Always use the same VPN serverWhen selected, specifies the DNS name or IP address of the VPN to which the client is to connect.
Allow the user to choose a VPN server before connectingWhen selected, specifies a text file that lists the VPN servers from which the users can choose. For more information about how the text file must be formatted, see on the Microsoft Web site.
Use the same user name and password for VPN and dial-up connectionsSpecifies that if the user establishes this VPN connection over a dial-up network connection, that the same user name and password that grants access to the dial-up network also grants access to the VPN server.

If you check either the Phone book from this profile or the Phone books from the merged profiles check boxes to indicate that you do want VPN support in this connection profile, then the Create or Modify a VPN Entry page is included in the CMAK wizard after this page. If you do not check either of the top two check boxes, then the wizard pages for configuring VPN entries do not appear.

10. Custom Phone Book Inclusion

By using Phone Book Administrator, included with Connection Point Services (CPS), you can create a phone book file that contains a list of multiple access numbers to connect to a remote dial-up network. On the Add a Custom Phone Book wizard page, you include this phone book in your connection profile. If you provide access to the phone book file over the Internet, you can configure the profile to automatically download new versions of the phone book file whenever the client successfully connects by using this connection profile.

Note: You can specify that your users download the phone book the first time they connect using this profile by not including the phone book file name on this page. Select the Automatically download phone book updates check box, and then enter the phone book name and download location on the next wizard page.

Phone book fileSpecifies the path to the phone book file you want included in the connection profile. If you know the path to the file you can enter it directly in the text box. Otherwise, click Browse, and then navigate to the file.
Automatically download phone book updatesSelect this check box if you want the client to check for newer versions of the phone book file, and to update it whenever this connection profile successfully connects to the network. If selected, this setting causes the Specify an Automatic Phone Book Update Server page to appear next in the wizard.
More access number textSpecifies the text that appears in the label next to the list of phone numbers displayed on the client.

11. Dial-up Networking Entries Configuration

A dial-up phone number in the custom phone book you specified on the previous page is referred to as a Point of Presence (POP). Each POP that you create by using the Phone Book Administrator tool can specify a Dial-up Networking Entry on its Settings tab. If this setting matches an entry on the Configure Dial-up Networking Entries page of the CMAK wizard, then that dial-up networking entry is used to configure a client with an IP address, DNS and WINS servers, and security settings. If the setting in the phone book does not match one of the dial-up networking entries in the CMAK wizard, then the entry marked <Default> is used to configure that connection.

NewCreates a new dial-up entry. The name should match the Dial-up Networking Entries field of the custom phone book supplied on the previous page of the CMAK wizard.
EditEdits the currently selected dial-up networking entry.
DeleteDeletes the currently selected dial-up networking entry. You cannot delete the <Default> entry.

12. Routing Table Updates

You can alter the client routing tables according to settings specified in a connection profile in order to better manage your network traffic and security. You can include a routing table update file in the connection profile; provide a URL to a server that is checked for updates, or both.

Do not change the routing tablesSpecifies that the client routing tables are not changed when using this connection profile. The client computer has access to both the original set of networks as well as the remote network provided by this connection profile.
Define a routing table updateSpecifies that the routing tables are updated during the connection process in the update file.
Route file to includeSpecifies a routing table update file that is compiled into the connection profile and installed on the client computers with the connection profile.
URL to a route fileSpecifies a routing table update file hosted on a Web server that is downloaded automatically and applied whenever the profile successfully connects.
If this URL is unavailable, disconnect the clientIf checked, this specifies that the connection fails if the specified routing table update file cannot be downloaded.

13. Add Custom Actions

ou can enhance the connection experience for your users by providing additional programs that automatically start during the connection to your service. You can use the CMAK wizard to include custom actions in your connection profiles when users connect to your service. These custom actions can automatically start and use programs that users have already installed, or you can include the programs with your service profile.

Action typeFilters the Custom actions list to only include actions of the selected type.
Custom actionsThe list of custom actions that are currently defined in the connection profile. Some might already be present due to your selections in previous pages of the wizard.
NewAdd a new custom action to the connection profile. For details, see the “New/Edit Custom Action” section of this topic.
EditEdits an existing custom action. For details, see the “New/Edit Custom Action” section of this topic.
DeleteRemoves the selected custom action from the list.

New/Edit Custom Action dialog box

When you choose to add or edit a custom action, this dialog box allows you to configure the action.

DescriptionSpecifies the name of this custom action.
Program to runSpecifies the command, executable program, dynamic-link library (DLL), or batch file to run to carry out this custom action. If the file is already present on the client computers, then specify the path to where the file is located. You can use environment variables such as %SystemRoot%.
ParametersSpecifies the required command-line options for the custom action.
Action typeSpecifies when, during the connection process, that the action is invoked. Options include:Pre-init


Pre-dial (for dial-up connections only)

Pre-tunnel (for virtual private network (VPN) connections only)




On cancel

On error
Run this custom action forSpecifies the condition under which the custom action is performed. Options include:All connections

All connections that involve dial-up

All connections that involve a tunnel

Connections that use only a tunnel

Connections that use only dial-up
Include the custom action program with this service profileIf the executable program for this action is not part of the standard deployment for your client computers, then you can include the file in the profile to be installed when the user installs the connection profile. The file is installed in the folder that contains the connection profile.
Program interacts with the userSpecifies that Connection Manager will only run the custom action if it is in an interactive state. If this check box is not selected and Connection Manager is in a non-interactive state, then a program called by the custom action that attempts to interact with the user will halt the connection process indefinitely, waiting for a response from the user.
Require ElevationSpecifies that the custom action requires the use of administrative privileges to complete. If User Account Control is enabled, selecting this check box causes Connection Manager to prompt the user for permission to continue (if the user is a member of the Administrators group), or for administrator credentials (if the user is not a member of the Administrators group).

14. Connection Profile and Installation Program Building

When you finish entering information and are ready for the CMAK wizard to build a connection profile, click Next. After the CMAK wizard builds the connection profile, a dialog box displays the folder and file name that were used to save the profile.

Warning: After you click Next on the Build the Connection Manager Profile and Its Installation Program page, the Back button is unavailable. To change the profile, you will have to run the CMAK wizard again.

Advanced customizationSpecifies that you want to manually configure specific advanced settings in the connection profile configuration files before compiling the profile into an installer file.

After you finish, you can continue with manual advanced customization, including editing the .cms files and other service-profile files. Be sure to rerun the CMAK wizard after completing advanced customization to include the customized files in your connection profile installation program.

15. Advanced Customizations

The CMAK wizard supports most of the customization features that administrators need to build a custom Connection Manager connection profile. However, you can customize additional features by editing the connection profile files, thereby changing the manner in which Connection Manager handles specific functions.

File nameSpecifies the name of the file you wish to modify. The choices in Section name change based on which file you select. You can modify the .cms or .cmp file associated with your connection profile.
Section nameSpecifies the section name containing a setting you want to modify. The choices in Key name change based on the section name you select.
Key nameSpecifies the individual setting you want to modify. When you select a key name, the current value assigned in the file is displayed in the Value text box.
ValueSpecifies the value you want to assign to this configuration setting.
ApplyChanges the value assigned to the key name in the section and file identified.

For more information please consult the Connection Manager Administration Kit Operations Guide – Developing custom elements (Microsoft Learn).

4. How CMAK Evolved Over Time

Initial Versions (Including Windows 2000)

Let’s rewind the clock. CMAK got its start in the Windows 2000 era. Back then, it was a simpler tool but set the groundwork for what was to come. The main focus was on dial-up connections, a necessity of that time.

Connection Manager Administration Kit Wizard
CMAK Wizard

Customization features include:

  • Animated logon screen, which can include a custom logo
  • Desktop icons
  • The language the dialer displays to the customer
  • Support numbers and help files
  • Various connect actions that the dialer performs when dialing, such as shutting down applications or downloading files

Updates in Windows Server 2012 and Windows 8

Fast forward to Windows Server 2012 and Windows 8. These versions marked significant leaps. Features expanded, with greater emphasis on broadband and VPN connections. User interfaces became more intuitive, and backend services got more robust.

Deprecated Status

However, all good things must come to an end. Post-Windows Server 2012 and Windows 8, Microsoft deprecated CMAK. Why? Newer, more modern solutions emerged, rendering CMAK less crucial. Yet, it’s important to note that the tool still holds value for specific scenarios and legacy systems.

5. Alternatives to Connection Manager Administration Kit

As we all know, technology never stands still. Although CMAK has its merits, newer solutions have emerged that offer similar or enhanced capabilities. Let’s explore a few.

Modern Solutions

  1. OpenVPN: This open-source solution offers a high degree of customization and robust security features. Plus, it’s compatible with a wide range of operating systems.
  2. Cisco AnyConnect: Known for its strong security protocols, AnyConnect also provides a seamless user experience across devices and networks.
  3. Microsoft DirectAccess: Integrated into Windows, DirectAccess provides an automated, transparent connection to the corporate network.
  4. Azure Point-to-Site VPN: If you’re already in the Microsoft ecosystem, this Azure-based solution offers a cloud-centric approach to secure remote access.

Comparison with CMAK

Now, how do these stack up against CMAK?

  • Customization: While CMAK excels in customization, OpenVPN matches it but offers better cross-platform support.
  • Security: Cisco AnyConnect and Azure Point-to-Site VPN have the edge with modern security protocols.
  • Ease of Use: DirectAccess and Azure Point-to-Site VPN offer more automated, user-friendly experiences.
  • Legacy Support: CMAK still holds value for older systems, where newer solutions may not be viable.

6. FAQs

» What is CMAK?

CMAK is a Microsoft toolkit for creating customizable remote access solutions.

» Is CMAK still supported?

It has been deprecated post-Windows Server 2012 and Windows 8 but may still work on older systems.

» Can I use CMAK for a VPN?

Yes, it can be used to create VPN connections, among other types.

» What are some alternatives to CMAK?

Modern alternatives include OpenVPN, Cisco AnyConnect, Microsoft DirectAccess, and Azure Point-to-Site VPN.

7. References and Further Reading

  1. OpenVPN: Official Website
  2. Cisco AnyConnect: Product Overview
  3. Azure Point-to-Site VPN: Microsoft Azure Documentation
  4. Microsoft DirectAccess: TechNet Overview