Best way to access shared folder on Windows Server 2008 from off site

Posted on 2010-01-09
Medium Priority
Last Modified: 2013-12-06
I have a server running Windows Server 2008. I've set up a "users" folder that is shared with everyone, and inside I have a number of individual user folders with security permissions set on each, so each employee can access his/her folder, but not anyone else's.

Ok, so far, so good. Everything is working great.

Now some employees need to access their folders from off-site, via the Internet. I know I can use Terminal Services (now called something else, I think) to establish a Remote Desktop Connection, and they can run software right on the server, but I'm hoping to find a better way.

Ideally, they would be able to map the shared drive *on their local machine*, running Word, Excel, etc, locally (offsite) but saving/opening files to/from the remote network resource.

What's the best way to do this?

Thanks in advance for your help!
Question by:tim_dts
LVL 10

Accepted Solution

itsmein earned 672 total points
ID: 26276328
The only secure way is to setup an SSL VPN Server (you got free open source ones like Adito VPN Server , SSL Explorer etc) and setup application redirection - users will need to logon to a website (SSL VPN Server site) and authenticate themself and then they will have a link pointing to thier share folder within your network which they will be able to access it from outside.

BUT this is a very curde and primitive way to set things. for your requirement, you should be using sharepoint. WSS is free - get it installed , create a document library, move the files to the document library (youcould achive better collaboration with security using Document Library - instead of using share folders". finally you need to publish the sharepoint site to the web to allow users to be able to access it from offsite


Assisted Solution

mattaussie2009 earned 664 total points
ID: 26277149
I have to agree with itsmein on this one WSS is definitely the ideal way to go.

If you do not want to go down the Sharepoint path, you could do the following:

1.  Setup the users shared folders for websharing (right click on the folder and click on the web sharing tab)

2.  Setup an IPSEC or PPTP VPN on the server, and setup the users laptops/external PC's with a VPN Client to enable them to access the network resources.

Author Comment

ID: 26280014
Thanks for the quick responses! Let me make sure I've got this straight.

You both agree that Sharepoint is the best solution. I've heard of it, of course, but I don't know much about it and haven't ever used it. I understand that the server portion is free; what about the client end? Do I need any CALs or client applications or anything for my users?

Also, will it behave like a mapped drive, or is it a web interface or what?

Thanks again for your prompt help.

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

LVL 10

Expert Comment

ID: 26280211
its a web interface. WSS is free. MOSS07 is not. MOSS07 is WSS+Office package well integrated.

Incase of WSS, users will need to check out (download) the file and check in/publish it back to the website. MOSS07 provided good integration with office tools, so you can directly edit the content on the server.

No cals required. jus a web browser to access the website. though i will ask to to doublecheck of you can publish the WSS sharepoint site onto the internet.


Author Comment

ID: 26280397
Thanks. This is helpful; the picture is getting clearer. It sounds like WSS is a potential solution.

What I am really hoping for may not exist, but in an ideal world, they can work locally and access the network share as if it, too, were local. IOW, they map a drive (I guess using the IP of the server) and can open and save files as if it were local or intranet, except that they'd be coming in over the internet. Any good way to do that?

I thought someone would suggest a VPN of some kind, but I've never set up one of those, either.

LVL 10

Expert Comment

ID: 26280786
OK. keeping share point aside, your requirement can be accomplished by using a SSL VPN Server. (easy to setup when compared to IPsec ones)

All you have to do in a SSL VPN Server is publish it to web and create an application that points to the local share drive, and the local share drive is now available on the web. Like i said earlier, i have tried using adito and sslexplorer. both are open source free SSL VPN Servers. I would pick adito VPN Server over sslexplorer because it allows us to completely rebrand the website and make it appear to be a custom solution.

BUT - if you prefer not to put up a website at all (WSS or SSLVPN Server - both need website on the internet) , go with setting up windows VPN Server

here is a good articel on setting up VPN server on windows 2003 - http://articles.techrepublic.com.com/5100-10878_11-5805260.html

hope that helps.

LVL 31

Assisted Solution

by:Cláudio Rodrigues
Cláudio Rodrigues earned 664 total points
ID: 26284242
Keep one thing in mind: performance may suck big time, especially if compared to TS.
Also there is the security concern of having people connecting and maybe downloading confidential documents/information to their local PC. If that PC is later compromised, third parties may have access to your confidential docs, now sitting at a remote PC that you have no control over.
The ideal of a VPN is great (I use it for my own company, using the free RRAS that comes with 2003/2008) but there are severe security implications.
Terminal Services in the other hand will not only perform MUCH better, hands down, but will PREVENT people from actually loading the documents directly on their PCs. They will be able to connect and work on the document as if they were sitting at the office, with office/LAN like performance but without all the security implications/risks a VPN solution brings.
In a way it all gets down to your needs. If the user needs offline access to the documents (i.e. download it to work on it at home, completely disconnected), TS will not do it; VPN will. But again, there is way more to VPN security than what you can see.
For that type of scenario, working remotely on documents, I always use TS for all my users. Works perfectly, performs and I have no security issues to address like in a VPN scenario.

My 2 cents.

Cláudio Rodrigues
Citrix CTP

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s list some of the technologies that enable smooth teleworking. 
Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question