

Remote Client Logon with VPN

Posted on 2011-02-12
Medium Priority
Last Modified: 2012-08-14
We have a remote worker whom I've built a PC for here, joined it to the domain and set up a VPN connection so she can use our line of business application.  I have since shipped it to her remote location.

How can I set up her PC so when she logs into it, it knows to use the VPN and authenticate to the domain thus keeping her remote PC's SID in sync with AD?

Said another way, that PC will not ever come back here, so I need the VPN to actually connect as she logs on to keep her PC a member in good standing on the domain.

Originally, I was going to have her do what I do with my laptop, log in, connect to the VPN and use the network resources I needed.  I've since wondered if that is not appropriate for her because my laptop actually comes back into the domain where her PC will not.

Please advise,
Question by:DustinEWright
LVL 10

Expert Comment

ID: 34879713
Hi Dustin,

To actively process Group Policy, keep in sync with AD etc, your remote user needs to connect to your VPN before she logs on.

This used to be a simple tick box in XP etc, but it is now a little harder to achieve.

Assuming you're using the standard Windows SBS 2008 VPN (i.e. PPTP), the key is that you need to tick the "Allow other people to access this connection" box when creating the VPN Connection. With this box selected, I recommend NOT saving the password for the VPN Connection.

At the next logon, the user should press "ESC" or click "Switch User" which will show the logon screen with the two standard user icons, the blue "Ease of Access" icon to the Bottom Left, and the "Shutdown Options" to the bottom Right.  Next to Shutdown Options, you'll now see a new Blue Button, "Network Connections".

Click this, and the remote user will be presented with a list of available VPN connections.  By clicking one of these connection icons, and entering their standard Username and Password (including Domain Name, i.e. CONTOSO\Joe) they will be connected to the VPN/AD/Main Network, and logged on to their PC/Laptop.

It's a little more convoluted than XP, but it is there...

Hope that helps!
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 34880420
Going down a different path, if the remote worker has a computer of her own, I would have kept the station in the office and let her connect with RWW.  Much safer, much faster, and much more control.  The remote worker needs only to have a computer capable of RDC, basically any XP or better computer.

Expert Comment

ID: 34884798
adding to fly...

Not too hard to set up. Couple of things on the checklist.

Give the workplace PC a static IP.
Change the listening port via regedit to something other than 3389.
Create an exception in the firewall for that port.
Tick the "allow remote connections to this computer" box in computer properties.

On the router, port forward the listening port to the static IP of the workplace computer.

On the remote computer set up RDC with the WAN IP and listening port.


Expert Comment

ID: 34885468
And if you want to force the user to connect via VPN without a choice then you can set the Computer/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
create or edit string RASForce and set to 1.
This will grey and tick the dial-up option so that the user has no option but to use the VPN only, when logging on.
I have not tested this on 7 but do know it works on XP.

Author Comment

ID: 34911948
Ok, we tried, but are not having any luck.  She has a slightly different dialog there than I do here, see attached.  When I try to select the top checkbox, I have to select a connection in the drop down.  She's currently using a wireless on the PC (cable is on order) and this process seems to cripple her Internet when we tried the above advice.  What can I do?


 VPN Connection - Remote
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 34912078
I am starting to sound like a broken record, and if you have considered this and have a reason not to consider it, please let us know.

I would much prefer to see the newly built system inside the LAN, and the remote user connect to it with RWW.  More secure, less chance of data corruption, and zero chance of malware coming in over the VPN from the remote computer.

Author Comment

ID: 34913532
We use Skype for our phone system and with RWW, she has to alt+tab to the desktop to dial and accept calls.  Simply put RWW will not meet the business need.  We have been limping along with that arrangement since July.  We need this.

Author Comment

ID: 34913535
She can't use Skype through an RDP session.
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 34915346
Ok, I see that having to press Alt+Tab could be a huge inconvenience.  I have never tried what you are describing, but wondering why the remote user could not use Skype, or any other VoIP system on the desktop inside the LAN?  That is, if she were based in the office, could she not use Skype?

Accepted Solution

scraby earned 2000 total points
ID: 34918205
You're under the sharing tab and selecting internet connection sharing, this turns the workstation into a gateway where others on the local network are then allowed to use her connection to connect to the internet.  YOU'RE IN THE WRONG PLACE. See the attached picture, when you SET UP the connection it gives you the option to "allow other people to use this connection", check that and this will make the connection available at the logon screen.  The wireless connection should not be an issue, Windows starts the wireless service before logon, just make sure you're using Windows to connect to wireless networks and not a third party or adapter solution. So to break it down:

1. Set up the new VPN connection and allow other people to use this connection in the setup, I would put all the information (including password) to allow the VPN to connect without the user having to enter information (fewer steps to confuse people)
2. Instruct to use the ease of access button during logon and select the VPN connection before logging on (set RASForce to 1 as indicated above to not give the user the option to log on without the VPN)
3. Make sure they are using the correct domain to log on and once they commence logging on the VPN will connect and the user will be authenticated on the domain as if they were local with all resources available and group policies will be applied to their workstation

I've done this many times on XP and it works great.  I set up the computers to automatically log on to everything so that the user does not have to make any decisions (auto connect to VPN and autologon to domain), of course this is not good security practice but it all depends on your environment.

Good luck, and please reply with your results or other issues.
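
A read-only check of the settings this thread relies on, added here as an example and not part of any poster's answer. It assumes the default all-users phonebook location on Windows Vista and later, and the standard Winlogon autologon values `AutoAdminLogon` and `DefaultPassword`, which the thread does not name.

```powershell
# Added example: audit pre-logon VPN and autologon settings on a domain client.
# Read-only; run from an elevated PowerShell prompt (works on PowerShell 2.0+).
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Assumed default path of the all-users phonebook; only connections stored
# here ("allow other people to use this connection") show at the logon screen.
$pbk = Join-Path $env:ProgramData 'Microsoft\Network\Connections\Pbk\rasphone.pbk'

function Get-WinlogonValue([string]$Name) {
    # Return $null when the value is absent instead of raising an error.
    $item = Get-ItemProperty -Path $winlogon -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# Phonebook entries are INI-style sections: [Connection Name]
$entries = @()
if (Test-Path $pbk) {
    $entries = @(Select-String -Path $pbk -Pattern '^\[(.+)\]$' |
        ForEach-Object { $_.Matches[0].Groups[1].Value })
}

$report = New-Object PSObject -Property @{
    AllUserConnections    = ($entries -join ', ')
    RASForce              = Get-WinlogonValue 'RASForce'
    AutoAdminLogon        = Get-WinlogonValue 'AutoAdminLogon'
    DefaultPasswordStored = [bool](Get-WinlogonValue 'DefaultPassword')
}
$report | Format-List

if ($entries.Count -eq 0) {
    Write-Warning 'No all-user connection found: the VPN will not be offered before logon.'
}
if ($report.RASForce -ne '1') {
    Write-Warning 'RASForce is not 1: the user can still log on without the VPN.'
}
if ($report.AutoAdminLogon -eq '1') {
    Write-Warning 'Autologon is enabled: anyone with the PC gets a domain session.'
}
if ($report.DefaultPasswordStored) {
    Write-Warning 'DefaultPassword holds a plaintext password readable from the registry.'
}
```

On a PC that never returns to the office, the last two warnings matter most: a stolen machine with autologon and a saved VPN password is an unattended path into the domain.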
LVL 71

Expert Comment

ID: 35275297
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
