Sign on Before Logon

Posted on 2009-05-14
Medium Priority
Last Modified: 2012-05-07
=>We have an AD environment on 2003 Server.
=>A good half of our users are remote all the time
=>We have a Cisco ASA with Anyconnect
=>Since our users are remote and often need to be able to login to their machines w/o being on the Internet. SO we allow cached usernames.
=> We have procedures inplace so that when a user changes their password they lock the computer and unlock it in order to update teh cached information.

Maybe i'm just not thinking right now - but other than passwords or logon scripts is there any benefit to signing on to the VPN before logon? Does not contacting the domain controller before logon really hurt the SID at all?
Question by:ncartwrightt2systems
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
LVL 15

Accepted Solution

Rob Stone earned 1000 total points
ID: 24389778
As a client it shouldn't hurt not VPN'ing in before logging in as long as they do it every now and again just to sync up.

You will have problems with some GPO's not being applied, but other than that you should be ok.

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question