VPN with Active Directory Contorols

Posted on 2011-04-19
Last Modified: 2012-08-14
Hey Everyone -

I have a client that is currently using a 6 year old server that is runing Server 2003 Std. He has only 5 licenses and is using all of them on a daily basis. He now would like to look into expanding his force to remote workers (possibly 5 of them). They would only be accessing files mostly, however these files are in drives that are full of other documents they shouldnt have access too.

Now this would make sense if they had a terminal server with an additional 5 licenses so that they can log in and we can control this all through Active Directory controls and Windows natively. However, he isnt looking to upgrade his server or licensing status if he doesnt have to.

This then leads to a VPN solution. I know of the RADIUS features some VPNs have but not sure of the best way to go about it, considering the clients situation. Normally I have licenses at my disposal or able to get more, and have all teh features needed. This would be relying on the configuration of the VPN. They currently have chosen to not implement a network appliance and have no static IPs on their server.

Any suggestions or ideas on how this can work best as well as grow? or do I need to push harder for new bones (server, licensing)?
Question by:tecpub
    LVL 15

    Assisted Solution

    As the clients would only be accessing files you could use RRAS which would work fine. There is no cost involved as this feature is supports on Windows Server 2003 Standard Edition. You would need to open the ports on the your Router/Firewall - port 1723 and Gre.
    LVL 41

    Accepted Solution

    A VPN with RAIUS control won't help you at all, because the VPN can't limit access to certain folders/files, only certain servers/services. Basically, the VPN can not provide enough fine grain control. You would need to use native NTFS controls.

    If you keep it on the Windows server you will additional Windows CALs. No way around that. I suspect that accessing files over VPN will also be so slow as to be hardly useable. A way to improve things would be terminal services which you can possibly install on the current server if it has enough RAM (at least 1 GB, preferably 2-4 GB). You would need terminal Server CALs in addition to the Windows CALs.

    Your best bet is probably Google Docs or something like that for all of the shared files. I believe that it will produce a better experience and be cheaper than buying new licenses.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now