Re: Remote disconnected users and Active Directory
- From: "Anthony [MVP]" <anthony@xxxxxxxxxxxx>
- Date: Thu, 3 Apr 2008 23:08:16 +0100
There's a bunch of different ways of going about this:
- You say you don't have documentation on how to connect before logon. What
VPN are you using?
- If it won't do that, you have to reconsider the architecture. If they only
use mail and intranet they don't really need a network VPN. You might use
more of a web portal with a place to change or recover passwords. The Dot
Net Factory have a nice product for that.
Hope that helps,
Anthony
http://www.airdesk.co.uk
"RayRay" <RayRay@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2A047EED-F7CE-4D84-9527-0116BA4ABEFE@xxxxxxxxxxxxxxxx
Hello,
We have many users that are part of our sales team that do not work out of
our offices but instead work out of their homes. They connect to our network
using an SSL-based VPN connection to get mail and access our Intranet.
Currently they are not part of our Active Directory infrastructure because
they cannot authenticate to AD until the VPN connection is established; thus
they do not apply group policies, run logon scripts, or modify their last
logon timestamps. This causes passwords to expire without the users being
informed, computer objects to become stale and a slew of other interesting
scenarios that become unacceptable for the users. In some cases we've had
users mail their machines so we could log on and send it back.
My question is what other options exist? Is there any way to trigger Windows
authentication again after the user logs in and connects to our network via
VPN? What are other organizations doing for similar scenarios?
I know we could put a DC on the DMZ but that is a huge security risk in our
organization. We also thought about having the VPN connection connect prior
to logon so that the initial Windows authentication takes place after
connecting to our network but I do not have any documents/information on how
to accomplish it.
Ultimately we are concerned about the application of GPOs, password
policies and how the user could be informed about upcoming expiring
passwords.
Any suggestions?
Thanks
Ray
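
The question above asks how remote users could be told about upcoming password expiry when they never see the interactive logon warning. The following is an added example, not from either poster: a scheduled PowerShell job that reads each user's computed expiry time from AD and mails a reminder. It assumes the ActiveDirectory PowerShell module is available; the OU, SMTP server, sender address and portal URL are placeholders.

```powershell
# Added example. Run as a scheduled task on a domain-joined management host.
# Assumes the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

$WarnDays   = 14                                  # start reminding this many days ahead
$SearchBase = 'OU=Sales,DC=example,DC=com'        # placeholder OU holding the remote users
$SmtpServer = 'smtp.example.com'                  # placeholder
$From       = 'it-helpdesk@example.com'           # placeholder
$PortalUrl  = 'https://password.example.com'      # placeholder self-service password page

function Get-PasswordExpiry {
    param([long]$ExpiryFileTime)
    # 0 (must change at next logon / not set) and 0x7FFFFFFFFFFFFFFF (never expires)
    # are sentinels, not dates; FromFileTimeUtc would throw on the latter.
    if ($ExpiryFileTime -le 0 -or $ExpiryFileTime -eq [long]::MaxValue) { return $null }
    return [datetime]::FromFileTimeUtc($ExpiryFileTime)
}

$now   = (Get-Date).ToUniversalTime()
$users = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
    -Properties 'msDS-UserPasswordExpiryTimeComputed', mail

foreach ($u in $users) {
    $expiry = Get-PasswordExpiry $u.'msDS-UserPasswordExpiryTimeComputed'
    if (-not $expiry -or -not $u.mail) { continue }   # no expiry or nowhere to send

    $daysLeft = [math]::Floor(($expiry - $now).TotalDays)
    # Already-expired accounts are skipped here; they need a help desk or portal reset.
    if ($daysLeft -lt 0 -or $daysLeft -gt $WarnDays) { continue }

    $body = "Your domain password expires in $daysLeft day(s), on " +
            "$($expiry.ToString('u')). Change it at $PortalUrl before then."
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $u.mail `
        -Subject "Password expires in $daysLeft day(s)" -Body $body
}
```

This only covers notification; group policy application and stale computer objects still depend on the machine reaching a domain controller, as discussed in the reply.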