Solved

Loggin on to Active Directory over the internet

Posted on 2006-11-14
10
167 Views
Last Modified: 2010-04-18
What is recommended for a company that has a few satellite offices with only one computer in each office and we want to move those computers over to the domain? We would like to go without a VPN Solution, but is that our only choice? Is there any other option other than opening up the ports on the firewall and letting them in that way? Is that too risky? If not how do we do that?
0
Comment
Question by:LeviDaily
  • 4
  • 3
  • 2
10 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 250 total points
ID: 17944514
go the VPN option over opening up your firewall! this is farily common, you can set up a cheap VPN fairly simply
0
 
LVL 2

Author Comment

by:LeviDaily
ID: 17944524
are those the only options?
0
 
LVL 2

Author Comment

by:LeviDaily
ID: 17944527
Also, what is the best way to go. With RRAS based VPN?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17944590
pretty much mate, i mean you cant have a member of the domain without connectvity unless the client lives offline and then eventually that will fall over.

RRAS is the cheapest option as a dial in VPN but a hardware VPN is much nicer and requires no user interaction
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 2

Author Comment

by:LeviDaily
ID: 17944628
what is wrong with the firewall way, and how many ports does it use?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17944678
I wouldnt be going that way - its why you have a firewall.....
http://support.microsoft.com/kb/832017

not sure all the ports it needs
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 250 total points
ID: 17945034
Levi,

Is this on your Small Business Server?  Or is this a Standard Server 2003 environment?

Because if SBS then there are lots of remote options available to you including Remote Web Workplace http://sbsurl.com/rww or adding a Virtual Terminal Server http://sbsurl.com/vs.

See other options at http://sbsurl.com/remote.  Again, if SBS then VPN is a built-in, pre-configured feature.

But I wonder... what is your opposition to a VPN solution for a remote satellite machine?  All it is is opening a port... essentially.  But more importantly, it's ENCRYPTION that's the difference.  You don't want your company's data flowing wide open for anyone to read.  Realize that if you run a TraceRoute from the remote office to your headquarters, you'll see that the traffic goes through about 10 to 15 different servers before it gets to you.  Do you trust those servers that it's going through?  Do you even know who owns them?  Do you trust that some little hacker-dweebe isn't packet sniffing right from the house next to your remote user?  

(trust me, I know it happens!)

How much private information is on your server?  Customer data?  Employee data?  Your own shopping data?  Whatever it is... you don't want just anyone to have access to it... and in some cases it could be illegal for you to even think about not keeping it all secure.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17945067
Okay... let me just say that I decided to take a quick look at something right after I sent that to kinda show you how insecure your network can be.  Within 60 seconds, I was able to determine your password for paciflicenters@qwest.net.  which begins with 2s******

If that's not enough to scare you into doing the right thing, then I wonder what is.

Honestly... I didn't do anything illegal to determine this, by the way.

If you'd like to know more about what I did, you can email me offline at TechSoEasy@experts-exchange.com.

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:LeviDaily
ID: 18748463
Thanks guys. I have implemented a RRAS solution right now. I soon will bring in an additional Hardware VPN soon.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now