ISA 2006 VPN + Active Directory Authentication

Hi,

We've been testing ISA 2006 for VPN access.  It's currently installed, and authenticating VPN connections against a RADIUS server.

We can add users to a setup VPN Security group to allow them access and that works great.

What I'd like to do though, is when someone logs into the VPN have it run their Active Directory login script, so they receive their mapped drives automatically.  

I've also noticed that when we try to map to UNC shares, it asks the user for their credentials. Is there any way to get the VPN connection to cache the login credentials and use them?

Hope this makes sense.

Thanks
Paul
pmason08 Asked:

pwindell Commented:
When the users connect they need to be at the "Ctrl-Alt-Del" on their machine.  They need to check the checkbox that says "Log on using Dialup Connection" and choose the correct VPN Connection.  Their machines have to of course be Domain Members and they must be using Domain level user accounts.    This might let their login scripts run,..but if it doesn't then it just "ain't gonna happen". You will have to use a Batch file that is "shortcutted" into the Startup "folder" of the All Users Profile of the Start Menu so that it runs last after they are logged in.
Mapped drives,...well they are a thing of the past and you should get rid of them.  Using Shortcuts based on the UNC path is 100 times better and more dependable.  But if you feel you can't do without them, and the login scripts won't work then you will have to use a Batch file that is "shortcutted" into the Startup "folder" of the All Users Profile of the Start Menu so that it runs after they are logged in.  This batch file must first delete any mapped drive that might conflict, and then create the drives you want,...if you don't do that it will generate errors (which will confuse the users) if they run the batch file manually after it has already mapped the drives.
I don't know about the second "prompt" for credentials,..there are just too many different things that can cause that.  But one thing I do know is that I would get rid of the RADIUS Server in a heartbeat and run the ISA as a Domain Member and allow it to authenticate the users against AD directly itself.  This article might be a good read for you.....
Debunking the Myth that the ISA Firewall Should Not be a Domain Member
http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html
 
0
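
A sketch of the delete-then-map batch file described in the comment above, as an added example that is not part of the original thread. The server name, share names and drive letters are hypothetical placeholders, and the script assumes a domain-joined client logged on with a domain account, so no user name or password is written into the file.

```bat
@echo off
rem Added example, not from the original thread.
rem FILESERVER, the share names and the drive letters are hypothetical
rem placeholders; replace them with your own values.
setlocal EnableExtensions

rem No /user: switch and no password are passed to "net use". The mapping
rem relies on the domain credentials of the logged-on user, so nothing secret
rem is stored in a file that every user of the machine can read.
set "FILESERVER=fileserver01.example.local"

set FAILED=0
call :MapDrive H: "\\%FILESERVER%\home\%USERNAME%"
call :MapDrive S: "\\%FILESERVER%\shared"
exit /b %FAILED%

:MapDrive
rem %1 = drive letter, %2 = UNC path (quoted by the caller)

rem Remove any existing mapping on this letter first. Output is discarded so
rem that "connection could not be found" on a first run, or a stale mapping
rem on a later run, does not show an error to the user.
net use %1 /delete /y >nul 2>&1

rem /persistent:no keeps Windows from trying to restore the mapping at the
rem next logon, when the VPN (and therefore the file server) may not be up.
net use %1 "%~2" /persistent:no >nul 2>&1
if errorlevel 1 (
    echo Could not map %1 to %~2 - check that the VPN is connected.
    set FAILED=1
)
exit /b 0
```

Because each mapping is deleted before it is recreated, running the file a second time by hand gives the same result as the first run. The script exits with 1 if any mapping failed.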
mcse2007 Commented:
I wouldn't go this path mapping network path while connecting via VPN.......it will only frustrate the user. Why, if the drive mappings are GB in size, it will take time for the VPN client to even view the folders let alone opening a file. Try enabling the offline files.

UNC path is also a tricky one and many admins get trapped on this. To overcome this try running ISA log report where you can see the on time traffic, then do a UNC path from any machine, from the report watch which protocol is being requested (it is Microsoft something like that), then stop the log, create a rule using that protocol then try again.
0