Solved

Windows PPTP VPN connection, run as a service?

Posted on 2010-08-14
Last Modified: 2012-05-10
Hello Experts,

I need a solution so that I can run the Windows VPN client as a service, which would allow the computer to establish a VPN connection to an SBS 2003 network, so that a user can log into the domain from a remote location. I don't want to use cached credentials, and can't seem to figure out a way to do this, so that VPN starts before anything else does (i.e. a startup folder script to rasdial won't be a solution, but a service that establishes the VPN connection is what I'm after).

The clients are Windows XP and Windows 7.  

Any help greatly appreciated.  Need the info rather urgently to save about a day of travel.

Thanks!
Question by:taki1gostek
12 Comments
 
LVL 7

Expert Comment

by:withtu
ID: 33437276
check it out:

How to Always Use the Log On Using Dial-Up Connection Option
http://support.microsoft.com/kb/172125
0
 
LVL 7

Accepted Solution

by:
OctInv earned 500 total points
ID: 33437290
This is already possible within Windows, and glares people in the face every day, but is always ignored! :o)
On the logon screen for Windows, there is an option of 'log on using dial-up connection'.
This is actually quite misleading as this means you can also log on to a domain using a VPN connection too.

Create a normal PPTP vpn connection within a user account, making sure that the connection is 'available for everyone'.

When the user needs to log on to the domain, they tick the box and enter the domain credentials in to the laptop.  When they log on, Windows will prompt the user to enter the credentials for the VPN connection, connect to the VPN, and THEN log in to the domain once connected.

The only issue here is if the computer is using a Windows managed wireless connection to get in to the internet, as this won't connect until logged on.
The way round this is to have the computer connected via a network cable, or to use a wireless management facility that connects to the wireless before logon.
Hope this helps! :)
Any questions - do ask.
0
 
LVL 7

Expert Comment

by:OctInv
ID: 33437312
That link appears to be relevant to Win2K withtu, and I'm also not sure why that would be necessary.
It indicates that doing this could render a laptop impossible to boot in to if the remote network is unavailable or if the discs were not available for an emergency repair.

Why would you need to adjust the registry settings?
0
 
LVL 2

Author Closing Comment

by:taki1gostek
ID: 33437322
Thanks, exactly what I was looking for!
0
 
LVL 7

Expert Comment

by:OctInv
ID: 33437331
No probs, glad I could save you a day's worth of travel!
0
 
LVL 2

Author Comment

by:taki1gostek
ID: 33437333
OK, I accepted too soon... I have a strange situation here because I have a local account, let's say John Smith, with no password on a Windows 7 box that isn't joined to the domain. What I'd like is for the computer to be connected via VPN when I log into this local account, so that I can run the connect computer wizard (from SBS 2003), i.e. http://servername/connectcomputer... so that it is joined to the domain properly, and can retain the local user's profile...
0

 
LVL 2

Author Comment

by:taki1gostek
ID: 33437335
There is no default use dial up connection on the Windows 7 login screen... just a single icon that, if you click, gets you right into Windows... Is there a combination of keys you'd press on Windows 7 to see an option for dial up?
0
 
LVL 2

Author Comment

by:taki1gostek
ID: 33437360
P.S. While connected via VPN as the local user, if I were to run the Connect computer wizard, it'll work and connect fine... but unfortunately it requires 2 or 3 restarts, during which it wouldn't be able to communicate with the server... so I really need a service for VPN to be up and running before other services kick in...
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 33437550
I know it isn't a direct answer to your question, but trust me when I tell you this:
1) Don't run the connect computer wizard over wireless.
2) Don't run the connect computer wizard over a VPN.
Even if you find a way to technically do what you want, the repercussions of a dropped connection or temporary connection are significant and a real pain to recover from. Joining a computer to the domain should always be done on the wire, and done locally.
-Cliff
 
0
 
LVL 2

Author Comment

by:taki1gostek
ID: 33437575
I appreciate the warning, but willing to take the risk, cgaliher...
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 33437587
If all you want to do is preserve the profile information, use something like the Windows Easy Transfer tool (Windows 7) or the XP equivalent (can never remember its name... files and settings wizard or somesuch)... this is essentially what the SBS wizard does anyways. I *really* can't stress how often these things fail, even when running as services... service start order, network speed, other factors, all come into play. If it were recommended, or even remotely "works most of the time", somebody would have blogged about it by now. There are a lot of SBS folks, and some of us actually test-lab these scenarios looking for blog material, and some things we realize really just don't work. This is one of those times.
0
 
LVL 2

Author Comment

by:taki1gostek
ID: 33437597
Is there a tool, like an alternative to moveuser.exe for Windows 7, which would map the local profile to a domain profile (i.e. fix security & registry settings so that computer\account can be accessed via domain\account in its entirety)?
0
