is it possible virus affected VPN client spread virus in corporate network?

"its better to allow clients to access the server through Remote Desktop..."
How do you do that? is there a way to only allow rdp in vpn? what's the method you use?

Well if they are already using the VPN client.Than after they connect to the network through the vpn.They can simply go to their Remote Desktop Client by going to start menu and type mstsc in run command and simply type the ip address of the server and login with their own domain account just like they use their account in their office computers.Otherwise a very simple is to forward your Server IP address on dydndns url.But i dont think they would remember such long URLs to type in RDP.Its better to create a shortcut of RDP consist of dyndns URL or the local ip address of the server (only if they are using vpn client) and simply access the server by double clicking on the RDP shortcut.Thank you.Hope you understand.

I was saying is there any way that I can setup any policy so client only able to rdp, but no access to network resources.

thanx bbao, very good explanation.
>a better approach is only allowing HTTP traffic to your internal web portal for shared documents

do you mean the end user will only be able to browse documents in web interface, they will not be able to run MS word or other apps? I guess it's safe, but not very practical for most of the use....

so if I allow them to use RDP without enabling 'local resource', virus should not be a problem right?