Re: Enable Remote Laptops to run GPO's, and access files

From: "Bill Grant" <not.available@online>
Date: Sat, 17 Nov 2007 12:31:06 +1100

I can think of at least two ways that you could do this using a VPN connection.

The first is to use the "logon using a dialup connection" option on the client. This forces the client to do a domain login at connection time, and this should force the GPO to be applied.

The second would be to force the client to do a domain login after connection. The VPN connection process and domain login are two separate operations.

"Justin" <Justin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:A5FA1D46-28CC-4021-9E9B-A16435D4207B@xxxxxxxxxxxxxxxx

Hello,

I am trying to figure out how I can enable our company issued laptops to run
GPO's, and scripts over the Internet without any need to use a VPN client. I
don’t think there is any way of doing this with a VPN client because the GPO
processing happens before the VPN client is called up for users to enter
credentials.

Are there any resources for on this topic? The only solution I have been
able to conjure up is to place a domain controller in a public DMZ, and open
up IPSec to it from the Internet. Then create an IPSec policy that forces
all communications to that domain controller to use IPSec. I don’t know
about security on this so wanted to check here first.

This would only work with a valid domain name, and if public DNS servers
contain info so the laptops could find the domain controller.

Any comments or alternative solutions would be great. If I want to grant
our user’s access to their "My Documents" I could put a file server in the
DMZ, and use IPSec to it also.

I don’t want to do something funky, but that was the only thing I could come
up with. I’m open to other ideas.

Follow-Ups:
- Re: Enable Remote Laptops to run GPO's, and access files
  - From: Bill Grant

Prev by Date: Re: Riddle me this batman.. please help
Next by Date: Re: Enable Remote Laptops to run GPO's, and access files
Previous by thread: Re: Riddle me this batman.. please help
Next by thread: Re: Enable Remote Laptops to run GPO's, and access files
Index(es):
- Date
- Thread

Relevant Pages

Re: WRT54GL with DD-WRT VPN firmware - wheres the beef?
... this morning I was messing around with the built-in vpn ... I created an incoming connection and forwarded port ... Sonicwall prefers an IPSec VPN. ... people in the remote office need to access an Excel spreadsheet that is on ...
(alt.internet.wireless)
Re: sysopt permit-ipsec
... Implicitly permit any packet that came from an IPSec tunnel and bypass ... Everything went okay and the VPN works fine. ... > As my config had 'sysopt connection permit-ipsec' I presumed that I could ...
(comp.dcom.sys.cisco)
Re: WRT54GL with DD-WRT VPN firmware - wheres the beef?
... this morning I was messing around with the built-in vpn ... I created an incoming connection and forwarded ... Sonicwall prefers an IPSec VPN. ... people in the remote office need to access an Excel spreadsheet that is ...
(alt.internet.wireless)
Re: Strange VPN problem
... What IOS version TAC suggests to get rid off this problem? ... >> When I'm connected to my VPN gateway with Cisco VPN ... This issue occurs whether the vpn connection is idle or there is ... That's why I reinstalled the VPN client, ...
(comp.dcom.sys.cisco)
Re: VPN client problems
... because my VPN client access will only be for short periods of time and I can do without Internet access during those times. ... This evidently is keeping me from Adding a Network Place for my connection. ... I set up a VPN client to another machine using its IP address with the correct username and password. ...
(microsoft.public.win2000.networking)