

MS, Win2k3Server, 5.2 SP1

I have users with DSL who I would like to give access as domain users. My Win2k3 server has an IP address available through my firewall (used for the OWA mail port), to which I can connect using Remote Desktop. Can I use this to set up domain access? How can I do it without compromising security?
1 Solution
I would probably set up a VPN. PPTP is the easiest, L2TP is better; if you have a firewall with VPN endpoint capabilities, go with IPSEC (the other end will need at least client software, better if they have an endpoint device as well). At that point they can access domain resources, RDP to machines, etc. If you want them to be "on the domain" literally (i.e. their workstations can log into the domain directly), you will need a domain controller at your client site and replicate through the VPN from your DC to their DC.
Erik Bjers, Principal Systems Administrator, Commented:
I DO NOT RECOMMEND THIS, however if you are on a budget you can use RRAS (Routing and Remote Access), free with Windows Server, to set up your server as a VPN server. WARNING: THIS CAN BE A SECURITY HOLE/NIGHTMARE IF YOU DO NOT CONFIGURE OR MANAGE IT CORRECTLY.

The links at this page may help you http://www.microsoft.com/technet/community/chats/trans/network/net0708.mspx

Rob Williams Commented:
You mention Server 2003 and OWA; is there any chance you are using Small Business Server? If so, please advise, as you have several additional options you can offer your users. SBS includes a customized VPN, Remote Web Workplace, and SharePoint to give your users 3 options to connect to resources.

If not using SBS and you want to give users access through VPN access, it is quite straightforward to set up. The basic server and client configurations can be found at the following sites with good detail:
Server 2003 configuration:
Windows XP client configuration:
You will also have to configure the router to forward the VPN traffic to the server. This is done by enabling on your router VPN or PPTP pass-through, and also forwarding port 1723 traffic to the server's IP. For details as to how to configure the port forwarding, click on the link for your router (assuming it is present) on the following page:
The only other thing to remember is the subnet you use at the remote office needs to be different than the server end. For example, if you are using 192.168.1.x at the office, the remote should be something like 192.168.2.x

Once this is configured you can then use services similar to how you would on the local network. You will not be able to browse the network unless you have a WINS server installed. Also, depending on your network configuration, you may have problems connecting to devices by name, though this can usually be configured. Using the IP address is less problematic such as \\\SharenName.
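
An added example, not part of the post above or of any tool it links to: a Python check for the subnet rule, flagging remote LANs that overlap the office LAN and proposing a free /24 for a remote site. The user names, the addresses other than 192.168.1.x and 192.168.2.x, and the function names are constructed for illustration.

```python
import ipaddress

def _net(cidr):
    # strict=False accepts a host address with its mask, e.g. "192.168.1.105/24",
    # which is what a user reading ipconfig output will usually report.
    return ipaddress.ip_network(cidr, strict=False)

def find_conflicts(office_lan, remote_lans):
    """Return {site: remote_network} for every remote LAN overlapping the office LAN.

    On overlap the VPN client treats office addresses as on-link (local), so
    traffic for the server never enters the tunnel.
    """
    office = _net(office_lan)
    conflicts = {}
    for site, cidr in remote_lans.items():
        remote = _net(cidr)
        # overlaps() also catches a wider remote mask that swallows the office LAN
        if remote.overlaps(office):
            conflicts[site] = str(remote)
    return conflicts

def suggest_remote_lan(office_lan, in_use, pool="192.168.0.0/16", prefix=24):
    """Return the first subnet in `pool` clear of the office LAN and all in-use LANs."""
    blocked = [_net(office_lan)] + [_net(c) for c in in_use]
    for candidate in _net(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(b) for b in blocked):
            return str(candidate)
    return None  # pool exhausted, e.g. someone already uses the whole /16

# Constructed sample data: office LAN as in the post, remote users' home LANs.
OFFICE = "192.168.1.0/24"
REMOTE = {
    "alice": "192.168.1.105/24",  # same range as the office: conflict
    "bob": "192.168.2.10/24",     # distinct range, as the post recommends
    "carol": "192.168.0.0/16",    # wide mask that contains the office LAN
    "dave": "10.0.0.5/8",         # unrelated private range
}

if __name__ == "__main__":
    for site, net in find_conflicts(OFFICE, REMOTE).items():
        print(f"{site}: {net} overlaps office LAN {OFFICE}; renumber the remote side")
    free = suggest_remote_lan(OFFICE, ["192.168.0.0/24", "192.168.2.0/24"])
    print("next free remote /24:", free)
```
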
HilltownHealthCenter (Author) Commented:
Enrolling on this site just keeps on proving to be one of the best decisions I have ever made over the course of my career!
Rob Williams Commented:
Glad to hear suggestions were of some help, and even more so that the site has proved beneficial for you.
Thanks HilltownHealthCenter.
Cheers !
