User needs to connect to network resources from a non-domain computer using VPN

I have a Windows 2003 SBS server/network.
Some users need to access network files from their home computer running WinXP/Pro through VPN.

I got them to connect to the network and they are able to view files but can not save files to the network (They have full rights to the directory)

I also would like them to run the login script after connecting through the VPN. Is there a way to force a second domain logon after the VPN connects and authenticates?

How are they authenticating to the Windows 2003 Network right now?

What are you using for VPN Connectivity?
ivolach (Author) commented:
They are using the WinXP VPN connection.
The VPN login authenticates them.
Is the VPN authentication tied to Active Directory or no?
ivolach (Author) commented:
I believe it is
To word it another way, is your Windows server your VPN server also?

If indeed it is, check out this article:

There's a section talking about where to check off for domain login in the VPN client settings.

Let us know if it helps or not.
ivolach (Author) commented:
Yes it is
ivolach (Author) commented:
Everything in the article has been followed and I can see that the work network is connected.
The difficulty I am facing is that it is very difficult to map a drive to the network, and even when I succeed, I can open files only in read-only mode and I cannot save any files to the network.
Read-only has nothing to do with the VPN setting. Double-check your permissions and make sure that you have correctly configured the VPN connection setting at the client end to include/exclude the Domain name option.

You can use "Connection Manager" to create VPN Custom connection. This will allow you to run a script after the vpn connection has been established. Just add the login script and it should work.
ivolach (Author) commented:
I have checked all the permissions and they are properly setup.

Does the fact that the home computer is not part of the domain affect anything?

I have used the connection manager and I could not find the parameter or area that allows to run a script after the vpn connection has been established.

In any case, when I try to map the network drive to my \\servername\sharename I get an error: a device attached to the system is not functioning
Just curious... are you using IPsec or the PPTP implementation for VPN authentication? (the PPTP route is very unsecure)

A good, secure VPN solution for SOHO organizations to check out is Hamachi -
ivolach (Author) commented:
When I use the same settings on a notebook that is part of the domain I have no problems connecting and using the resources on the network. (in both cases connecting from home)
Can you try with \\ServerIPAddress\sharename and see if it works?

Are you able to ping the server, and are you able to ping the client after VPN is established from server?

Let's break down the issue into two parts. First we will try to fix the connectivity/mapping and later we will work on automating via script.
ivolach (Author) commented:
I can ping the server from the client but can not ping the client from the server.

I have tried the \\serveripadress\sharename and it does not work
What kind of firewall are you running on the client, and can you disable it and test again? Where is the VPN terminating, at SBS or a separate device?

ivolach (Author) commented:
the VPN is terminating at SBS
The firewall is TrendMicro

I can disable the firewall, but the question remains: why can I connect through the VPN when I use a computer that belongs to the domain and cannot do it when I use a computer that does not belong to the domain?

In any case, on the computer that does not belong to the domain, I can connect through the VPN, I can see that the user is authenticated, the computer gets an IP from the server DHCP and yet I can not access the resources.
Juan Ocasio (Application Developer) commented:
Try this batch file

net use driveLetter \\ComputerName\ShareName * /user:DomainName\UserName

This will force authentication as an AD user in your domain and they should have whatever permissions that user has on the network

Juan Ocasio (Application Developer) commented:
PS, you will use this batch file after the user is logged onto the domain through VPN.

Juan Ocasio (Application Developer) commented:
BTW, you'd copy the line I provided and save as with a bat extension. So if you want jdoe to be able to map drive j to a folder called company on the xyz server in the domain COMPANY, you would type in the following:

net use j: \\xyz\company * /user:COMPANY\jdoe

The * will prompt the user to enter their network password for the username provided.
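
Added example, not part of the original thread or any poster's code: a batch file that maps the share with explicit domain credentials and then writes a probe file, so that "cannot connect" and "connected but read-only" show up as different results. The drive letter, share and account reuse the sample names from the comment above; the probe file name is hypothetical.

```batch
@echo off
rem Added example: map a share from a non-domain PC over VPN and test write access.
rem j:, \\xyz\company and COMPANY\jdoe are the sample names used in this thread.
setlocal
set DRIVE=j:
set SHARE=\\xyz\company
set DOMUSER=COMPANY\jdoe

rem Remove any existing mapping on this drive letter so that a connection
rem made earlier with the local logon account is not reused.
net use %DRIVE% /delete /y >nul 2>&1

rem "*" makes net use prompt for the password, so no password is stored
rem in this file. /user: supplies the domain account explicitly; without it
rem a non-domain PC offers the credentials of the local logon session first.
net use %DRIVE% %SHARE% * /user:%DOMUSER%
if errorlevel 1 (
    echo Mapping failed. Check name resolution, the client firewall and the account name.
    exit /b 1
)

rem Write probe: a small uniquely named file, created and then deleted.
rem vpn_write_probe is a hypothetical name chosen for this example.
set PROBE=%DRIVE%\vpn_write_probe_%RANDOM%.tmp
echo probe > "%PROBE%"
if exist "%PROBE%" (
    del "%PROBE%"
    echo Write access confirmed on %SHARE%
) else (
    echo Mapped, but the write failed. Compare the share permissions with the
    echo NTFS permissions on the server, since the more restrictive of the two applies.
    exit /b 2
)

rem List current connections so the mapping and its state can be verified.
net use
endlocal
```

An exit code of 2 means the connection and authentication worked and the remaining problem is on the server's permission side, not in the VPN.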
ivolach (Author) commented:
I have tried and I got the error message:
user context supplied is invalid (3775)
Did you try after disabling firewall?
ivolach (Author) commented:
I did and got the same results
ivolach (Author) commented:
I have checked again and after disabling the firewall on the client PC I am able to map the drive and read the files but I can't save files, create new ones etc.

I have checked again the permissions on the directory, including disabling the inheriting rights from parent directory, I have all the rights except take ownership and change rights.
Can you login inside your network with same username/password and see if they are able to read and save files?

Also post the output from 'net use' and 'net config' command both outside and inside the network.

There is not much in the VPN settings you can do to restrict read/write access. It is handled above layer 4, so we have to look at the authentication / login issues to narrow it down.

ivolach (Author) commented:
I will follow your directions a little later when I am in the office.

However, I have noticed from the server logs that although I connect the VPN as '\\domain\user1' the server logs an attempt to login as '\\homecomputer\homeuser' and obviously rejects that attempt.
ivolach (Author) commented:
I have found the problem and it had to do with the access rights to the share.

Very good.

Do you still need help with login script?
ivolach (Author) commented:
It looks like once you map the network drive it stays there for future connections, so it is probably going to work the way it is.