
Remote Access, Domains, Multiple Offices

Dear Experts,

I work in a company that is rapidly growing. We have a head office, and then we have two smaller offices in remote locations (with another 3 opening soon).  We use cable and ADSL broadband accounts for our internet and we have Windows Server 2003 Standard Edition at each office.  As the system administrator I need to be able to give most users the ability to log in remotely.  Now I don't want to use Terminal Services because external accountants access the server to go through our QuickBooks files and they will have access to everything and it would be rather painful to lock down everything.

I have been looking at Remote Access Servers (RAS) and Remote Access Gateways (RAG).  But I just don't know where to go.

Ultimately I want all users to be able to log on remotely or locally (on the lan) using their 1 username and password and carry their own applications, files & settings.

I am also thinking along the lines of having a separate domain at each office and have them linked somehow?

I need some sense of direction here.

This is probably going to be a painful question to answer so thanks very much in advance.
Asked by: etechnicsit
 
Lee W, MVP, Technology and Business Process Advisor, commented:
NO SEPARATE DOMAINS!

There are times when having multiple domains makes sense... simply because you have multiple sites is not one of them.

You create OUs for each site and you delegate management rights (if desired) to users in that OU.  Put at least one DC in each site.

In my opinion, unless you've left out something, the only remote access service you should be offering is VPN - and ideally, that will be a site-to-site VPN if the remote offices have more than 3-5 people each.  Then you can allow individuals to connect via VPN as well.

If you want a secure network you will lock things down - either spend the time now locking it down or get fired later for not locking it down - your call.
 
mcsween, Sr. Network Administrator, commented:
I agree with Leew, do not use separate domains.  This will only cause you to have to set up extra DCs at every site for failover and replication will be the bane of your existence.

I use Site to Site VPN to connect some of my smaller branch offices to HQ.  Sonicwall makes some very nice products.  I would suggest something like a Pro2040 at the HQ with a TZ170 at each branch office.  Sonicwalls also offer the added advantage of Client connected VPN from home and when you are traveling.  Also has some add-ons you can purchase for web filtering, antivirus, antispyware, etc...


http://www.sonicwall.com/products/pro2040.html
http://www.sonicwall.com/products/tz170.html
 
etechnicsit (Author) commented:
Thanks guys.  Sounds great.

OK, 1 Domain, 1 DC at each office, replication between DCs.  VPN Connection between DCs.

Shall I use DFS or FRS?

I don't understand how users will log in remotely. Will I use Terminal Services?

 
etechnicsit (Author) commented:
Ahhhh! I didn't really know what a VPN was :P Excellent!