RE: Another additional DC question

Agreed Local Admin Rights is scary, but the powers to be have over ruled my
opinion of this.....

Would I need a routing and remote access server even if I have layer 3
switches on each end creating the VPN tunnel to both sites? Isn't RRAS a
software version of a layer 3 switch/router? DNS I was aware of so ya makes
sense for DC as well, and probably DHCP too. But RRAS I wasn't thinking i
needed if indeed I do?

"Dude" wrote:

You would have better network performanceand security with a DC at Site B.
You will probably need a Routing and Remote Access Server and a DNS server at
Site B, so why not promote that server to be to a DC as well?

Giving all users local admin rights is a bad idea. They would be able to
download and install ANYTHING from the internet, not to mention brining in
thumb drives in from home that contain viruses.

"Hollywood0728" wrote:

Good Morning -

I wanted to kind of bounce a concern off anyone who may be able to help. My
company has acquired an additional building and is looking to put some
employees over at this new building for space reasons. Hes the situation:

Site A = Main site where all servers are held now
Site B = Branch site where clients use MS VPN client to remote to Site A

Both Sites have a T1 for internet and a Point to Point T1 to connect the
buildings together for our new phone system. Since we have the Point to Point
in place with Layer 3 switches on each end, I figured rather than having
Clients use VPN, why not have them log on to the domain that Site A hosts. My
question is this, what is the advantage of having a DC/global catalog Server
at the branch office? As long as my users are administrators on their local
machines, they are able to log on to the domain profile even if a DC is not
accessible (I know this cause I bring my laptop home all the time and never
have problems) Now if the Point to Point goes down thay won't be able to
access network resources at site A from Site B, but same is true even I have
a DC at Site B.....So is there something I may not be thinking of? Is it safe
to say that i can have the clients come over the Point to Point to site A
from site B to logon to the domain?
.

Relevant Pages

  • Re: DHCP server RAS problems
    ... you dont have Remote Access Server but you have RAS... ... So the Remote clients are taking an already taken IP then? ... get an IP from your LAN DHCP server, or you have created a pool of IP's ...
    (microsoft.public.windows.server.general)
  • Re: getting me ducks in a row - concepts
    ... Don't create local login accounts for users, ... > the user has local admin rights and you will want to tweak this using RegMon ... keys on the server? ...
    (microsoft.public.windows.server.sbs)
  • Re: Local Administrator
    ... system and/or registry to accomodate the database updates. ... What I need is the users to have, ocasionally, local admin rights over ... their own workstations (never the server). ... remove the domain group from the local administrator group. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Another additional DC question
    ... You would have better network performanceand security with a DC at Site B. ... You will probably need a Routing and Remote Access Server and a DNS server at ... Clients use VPN, why not have them log on to the domain that Site A hosts. ...
    (microsoft.public.cert.exam.mcse)
  • Re: Local Administrator
    ... does Windows Server 2003 resource kit comes with it ... I also found a VB script that adds to the local administrator account. ... system and/or registry to accomodate the database updates. ... What I need is the users to have, ocasionally, local admin rights ...
    (microsoft.public.windows.server.active_directory)