Remote Access, Domains, Multiple Offices

Posted on 2006-06-02
Last Modified: 2010-03-18
Dear Experts,

I work in a company that is rapidly growing. We have a head office, and then we have two smaller offices in remote locations (with another 3 opening soon).  We use cable and ADSL Broadband accounts for our internet & we have Windows Server 2003 Standard Edition at each office.  As the system administrator I need to be able to give most users the ability to log in remotely.  Now I don't want to use Terminal Services because external accountants access the server to go through our QuickBooks files and they will have access to everything and it would be rather painful to lock down everything.

I have been looking at Remote Access Servers (RAS) and Remote Access Gateways (RAG).  But I just don't know where to go.

Ultimately I want all users to be able to log on remotely or locally (on the lan) using their 1 username and password and carry their own applications, files & settings.

I am also thinking along the lines of having a separate domain at each office and have them linked somehow?

I need some sense of direction here.

This is probably going to be a painful question to answer so thanks very much in advance.
Question by:etechnicsit
    LVL 95

    Assisted Solution

    by:Lee W, MVP

    There are times when having multiple domains makes sense... simply because you have multiple sites is not one of them.

    You create OUs for each site and you delegate management rights (if desired) to users in that OU.  Put at least one DC in each site.

    In my opinion, unless you've left out something, the only remote access service you should be offering is VPN - and ideally, that will be a site-to-site VPN if the remote offices have more than 3-5 people each.  Then you can allow individuals to connect via VPN as well.

    If you want a secure network you will lock things down - either spend the time now locking it down or get fired later for not locking it down - your call.
    LVL 21

    Accepted Solution

    I agree with Leew, do not use separate domains.  This will only cause you to have to set up extra DCs at every site for failover and replication will be the bane of your existence.

    I use Site to Site VPN to connect some of my smaller branch offices to HQ.  Sonicwall makes some very nice products.  I would suggest something like a Pro2040 at the HQ with a TZ170 at each branch office.  Sonicwalls also offer the added advantage of Client connected VPN from home and when you are traveling.  They also have some add-ons you can purchase for web filtering, antivirus, antispyware, etc...

    Author Comment

    Thanks guys.  Sounds great

    OK 1 Domain, 1 DC at each office, replication between DCs.  VPN Connection between DCs.

    Shall I use DFS or FRS?

    I don't understand how users will log in remotely. Will I use Terminal Services?


    Author Comment

    Ahhhh! I didn't really know what a VPN was :P Excellent!
