Link to home
Start Free TrialLog in
Avatar of DustinEWright
DustinEWright

asked on

Remote Client Logon with VPN

We have a remote worker whom I've built a PC for here, joined it to the domain and setup a VPN connection so she can use our line of business application.  I have since shipped it to her remote location.

How can I setup her PC so when she logs into it, it knows to use the VPN and authenticate to the domain thus keeping her remote PCs SID in sync with AD?

Said another way, that PC will not ever come back here, so I need the VPN to actually connect as she logs on to keep her PC a member in good standing on the domain.

Originally, I was going to have her do what I do with my laptop, log in, connect to the VPN and use the network resources I needed.  I've since wondered if that is not appropriate for her because my laptop actually comes back into the domain where her PC will not.

Please advise,
Thanks!
Avatar of Ian Pattison
Ian Pattison
Flag of United Kingdom of Great Britain and Northern Ireland image

Hi Dustin,

To actively process Group Policy, keep in sync with AD etc, your remote user needs to connect to your VPN before she logs on.

This used to be a simple tick box in XP etc, but it is now a little harder to achieve.

Assuming you're using the standard WIndows SBS 2008 VPN (i.e. PPTP), the key is that you need to tick the "Allow other people to access this connection" box when creating the VPN Connection. With this box selected, I recommend NOT saving the password for the VPN Connection.

At the next logon, the user should press "ESC" or click "Switch User" which will show the logon screen with the two standard user icons, the blue "Ease of Access" icon to the Bottom Left, and the "Shutdown Options" to the bottom Right.  Next to Shudown Options, you'll now see a new Blue Button, "Network Connections".

Click this, and the remote user will be presented with a list of available VPN connections.  By clicking one of these connection icons, and entering their standard Username and Password (including Domain Name, i.e. CONTOSO\Joe) they will be connected to the VPN/AD/Main Network, and logged on to their PC/Laptop.

It's a little more convoluted than XP, but it is there...

Hope that helps!
Going down a different path, if the remote worker has a computer of her own, I would have kept the station in the office and let her connect with RWW.  Much safer, much faster, and much more control.  The remote worker needs only to have a computer capable of RDC, basically any XP or better computer.
Avatar of paulstorm
paulstorm

adding to fly...

Not too hard to set up. Couple of things on the checklist.

Give the workplace PC a static IP.
Change the listening port via regedit to something other than 3389.
Create an exception in the firewall for that port.
Tick the "allow remote connections to this computer" box in computer properties.

On the router, port forward the listening port to the static IP of the workplace computer.

On the remote computer set up RDC with the WAN IP and listening port.

and if you want to force the user to connect via vpn without a choice then you can set the Computer/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
creat or edit string RASForce and set to 1
this will grey and tick the dial up option so that the user has no option but to use the vpn only, when logging on.  
i have not tested this on 7 but do know it works on xp.  
Avatar of DustinEWright

ASKER

Ok, we tried, but are not having any luck.  She has a slightly different dialog there than I do here, see attached.  When I try to select the top checkbox, I have to selete a connection in the drop down.  She's currently using a wireless on the PC (cable is on order) and this process seems to cripple her Internet when we tried the above advice.  What can I do?

Thanks

 User generated image
I am starting to sound like a broken record, and if you have considered this and have a reason not to consider it, please let us know.

I would much prefer to see the newly built system inside the LAN, and the remote user connect to it with RWW.  More secure, less chance of data corruption, and zero chance of malware coming in over the VPN from the remote computer.
We use Skype for our phone system and with RWW, she has to alt+tab to the desktop to dial and accept calls.  Simply put RWW will not meet the business need.  We have been limping along with that arrangement since July.  We need this.
She can't use Skype from thru a RDP session.
Ok, I see that having to press Alt+Tab could be a huge inconvienence.  I have never tried what you are describing, but wondering why the remote user could not use skype, or any other voip system on the desktop inside the LAN?  That is, if she were based in the office, could she not use skype?
ASKER CERTIFIED SOLUTION
Avatar of scraby
scraby

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.