
Active Directory authentication and drive mappings for VPN users.

Sharkgrill asked
Last Modified: 2010-03-18
We have a 2003 Standard Domain Controller (Win2k3 network) and a Cisco 5510 Firewall with VPN module built in.


The VPN is working great and users are able to login etc. The problem is with mapped drives. I am able to browse to the specified network drives but I want users to have the ability to login and have their correct drive mappings. Am I able to do this?

Thank you in advance

CERTIFIED EXPERT

Commented:
Are you using a Cisco VPN client on the users' machines? If you are, you can set your Cisco VPN client to authenticate before login; in this way you will be able to run any login scripts to map your drives. Since login to the domain happens after you authenticate to the VPN, you will log in to a DC and the scripts will execute.

Author

Commented:
Thank you for the reply.


Yes I am using the VPN client.

Do you set up a separate GPO designed solely for VPN users to map those drives? What my director is asking me to do is: Allow the users to simply run the VPN client, enter username and password and the drive mapping begins. Maybe I need more advice with the scripts. Where do I put those scripts?
Chris Staunton, Sr. Infrastructure Engineer

Commented:
Here's how I do it at home:

Connect to the VPN tunnel before login, then login as a normal user on the PC, join the computer to the company network, logout as the local user, restore the VPN tunnel and then login as my company account.  This acts like any other company login and maps any drives / printers that I normally use.  Granted the process is a little slower as I'm coming in via a VPN session but my home computer functions like my workstation at the office.


Cheers,

Chris

Author

Commented:
Lilshooter;

Thank you. The issue with that solution is simple. Our sales guys can hardly tie their own shoes. If we had to ask them to join a domain they would immediately have heart attacks and start to panic. Ideally we would like the users to get the VPN prompt, login to the tunnel, then to windows and all the drive mappings be in place. Does that make sense?
Chris Staunton, Sr. Infrastructure Engineer

Commented:
hahahah  I know the feeling!

Well is your Cisco authentication tied into your AD?  Otherwise they are simply inside your network without Windows Authentication.  Some of our employees that like to do work from home memorize the IP address of their machines, have remote desktop enabled and then terminal serve into their machines.  Is this a possibility?

Chris

Author

Commented:
That's the question I guess.  How to tie Cisco with AD. In a sense it is because users can browse to their drives. I just want to be able to map those drives at login.
Chris Staunton, Sr. Infrastructure Engineer

Commented:
You'd have to give them a batch file to run, maybe a link from a webpage they navigate to or something.  They are still prompted for authentication when they access anything on the network so maybe a batch file launched from a webpage would do the trick for ya.


Chris
Chris Staunton, Sr. Infrastructure Engineer

Commented:
From my knowledge of Cisco 506e firewalls there was no way to use AD integration other than setting up a RADIUS server to allow users to use a PPTP client to connect to the firewall. Of course this only gives a secure tunnel in and not a split tunnel, so they lose internet connectivity when logged in that way.

Chris

Author

Commented:
I will give it a shot. thank you

Author

Commented:
Actually it's a 5510 firewall
CERTIFIED EXPERT

Commented:
You would reference the login script in the user's account properties in AD. Like I posted earlier, you will want to authenticate to the VPN first, then log in to the domain; when the user logs in the scripts will execute and the drives will be mapped.
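
One way the logon script discussed above could look, as an added example that is not part of the original thread: a batch file stored in the domain controller's NETLOGON share and named in the Logon script field of the user's account properties. The server name, share names and drive letters are hypothetical placeholders, and the reachability check assumes the file server answers ping through the VPN tunnel.

```batch
@echo off
rem Added example logon script (not from the thread).
rem FILESERVER, the share names and the drive letters are hypothetical.
setlocal

set "FILESERVER=fileserver01.corp.local"
set "LOG=%TEMP%\drivemap.log"

echo [%DATE% %TIME%] logon script start, user=%USERDOMAIN%\%USERNAME% > "%LOG%"

rem Over a VPN the tunnel may still be settling when the script starts,
rem so try the file server up to five times before giving up.
set "REACHABLE="
for /L %%i in (1,1,5) do (
    if not defined REACHABLE (
        ping -n 1 -w 2000 %FILESERVER% >nul 2>&1 && set "REACHABLE=1"
    )
)
if not defined REACHABLE (
    echo [%DATE% %TIME%] %FILESERVER% unreachable, no drives mapped >> "%LOG%"
    exit /b 1
)

rem Map each drive with the logged-on user's own domain credentials.
rem No username or password is stored in the script.
call :MapDrive H: "\\%FILESERVER%\home\%USERNAME%"
call :MapDrive S: "\\%FILESERVER%\sales"
exit /b 0

:MapDrive
rem Drop any stale mapping on this letter, then map without persistence
rem so nothing is cached on the remote PC between sessions.
net use %1 /delete /y >nul 2>&1
net use %1 %2 /persistent:no >> "%LOG%" 2>&1
if errorlevel 1 (
    echo [%DATE% %TIME%] FAILED to map %1 to %~2 >> "%LOG%"
) else (
    echo [%DATE% %TIME%] mapped %1 to %~2 >> "%LOG%"
)
goto :eof
```

Because the script runs as the account that just logged on to the domain, access to each share is still decided by that user's existing share and NTFS permissions.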

Author

Commented:
Thanks valicon;

Would the user have to join the domain first?  Or launch the VPN application at startup and the scripts should run?
Chris Staunton, Sr. Infrastructure Engineer

Commented:
@ home the user will need to use a different login in order to get to the domain:  username: joeuser@corp.local
password: companypassword

Chris

Author

Commented:
Works like a champ...  The problem was the batch file itself and users being able to run it whenever they launch the VPN client. I tweaked the batch file in AD and granted remote access and it mapped... Thanks for ALL the help
CERTIFIED EXPERT

Commented:
Glad to help out :)
