Re: Configuring Sites

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Inline;

--
/kj
"JoeF" <JoeF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1704469C-CFA5-4A9B-91C9-AE83FF41EE3C@xxxxxxxxxxxxxxxx
This is a new thread RE: Site Configuration

I have a SBS 2003 in NY managing about 5-6 computers. I have a Windows
2000
server running in NC joined to the domain over a vpn. I have NOT made this
a
domain controller or AD of any kind.

I need to separate Group Policy (My
Documents Folder Redirection) in NY and NC.

This can be done without a second DC using some creative modification of
group policy.

Should I make the 2000 server an AD domain controller?

This can help avoid authentication (logon) across the VPN, but there are
things to consider before doing this;

What is the bandwidth of the network connections the VPN runs on (T1)?
How many users/computers in NC?


Will this affect MS
licensing?

Not for anything you've described so far.

If so, should SITES be created? - Also, If SITES should be
created, how do I go about doing this?

SITES would define preferred domain controllers for user logon and group
policy. They are created by defining subnets in active directory sites and
services.

Is there anything to worry about?

Lots, of course. The main issues are;

Will the benifit of local logons outweight the Active Directory
replication demands on the VPN?

Will the VPN reliably support AD connectivity

Are you administratively prepared to support two AD sites and DC's?


Thanks.

-JoeF

I had a similar situation. Our SBS is in FL, and our other member server
is
in NY. Connected via VPN.
What I did, was create two security groups. One for FL and one for NY.
Now
whenever we get a new user, I add him to the appropriate group. Then from
there, I go into GPMC, and I take off "Authenticated users" for my "Small
Buisness Server Folder Redirection" policy, and replace it with the FL
group, only THAT group will process it.

I created a Folder redirection policy for our NY Site as well (provided
you
have sites setup). This works great.
Let me know if this helps.

Darryl



.

Relevant Pages

  • Re: IP Security Policies Not Applied / Not Working
    ... Do you initiate your vpn connections via the Neware Connections folder? ... If so can you check the Windows 2000 machine for the regkey ProhibitIpsec - ... I have set up the identical policy on the ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Industry Standard Security and guest wifi access best practice
    ... with IPSEC VPN clients has not been positive. ... Then they probably won't support other forms of security. ... to switch all connections into SSL mode. ... Use WPA to encrypt wireless traffic, ...
    (alt.internet.wireless)
  • RE: Sandboxing
    ... the 3Com Embedded Firewall would be extremely useful and enabling (in ... your case) when you look at it in a VPN context. ... This security policy will accomplish quite a few things: ... During the Policy Server installation, ...
    (Focus-IDS)
  • Re: Remote Desktop thru VPN and Network Security
    ... You can use Remote Access Policies to configure exactly what users can ... access via their VPN connection. ... If you create a policy you can then edit ... infection if users are copying files back and forth between computers. ...
    (microsoft.public.windows.terminal_services)
  • Re: Remote Desktop thru VPN and Network Security
    ... You can use Remote Access Policies to configure exactly what users can ... access via their VPN connection. ... If you create a policy you can then edit ... infection if users are copying files back and forth between computers. ...
    (microsoft.public.security)