VPN with Active Directory Controls

Posted on 2011-04-19
Medium Priority
Last Modified: 2012-08-14
Hey Everyone -

I have a client that is currently using a 6-year-old server that is running Server 2003 Std. He has only 5 licenses and is using all of them on a daily basis. He now would like to look into expanding his force to remote workers (possibly 5 of them). They would only be accessing files mostly; however, these files are in drives that are full of other documents they shouldn't have access to.

Now this would make sense if they had a terminal server with an additional 5 licenses so that they can log in and we can control this all through Active Directory controls and Windows natively. However, he isn't looking to upgrade his server or licensing status if he doesn't have to.

This then leads to a VPN solution. I know of the RADIUS features some VPNs have but am not sure of the best way to go about it, considering the client's situation. Normally I have licenses at my disposal or am able to get more, and have all the features needed. This would be relying on the configuration of the VPN. They currently have chosen to not implement a network appliance and have no static IPs on their server.

Any suggestions or ideas on how this can work best as well as grow? Or do I need to push harder for new bones (server, licensing)?
Question by:tecpub
LVL 15

Assisted Solution

JBond2010 earned 600 total points
ID: 35429508
As the clients would only be accessing files, you could use RRAS, which would work fine. There is no cost involved as this feature is supported on Windows Server 2003 Standard Edition. You would need to open the ports on your router/firewall - port 1723 and GRE.
LVL 42

Accepted Solution

kevinhsieh earned 1400 total points
ID: 35429543
A VPN with RADIUS control won't help you at all, because the VPN can't limit access to certain folders/files, only certain servers/services. Basically, the VPN cannot provide enough fine-grained control. You would need to use native NTFS controls.

If you keep it on the Windows server you will need additional Windows CALs. No way around that. I suspect that accessing files over VPN will also be so slow as to be hardly usable. A way to improve things would be Terminal Services, which you can possibly install on the current server if it has enough RAM (at least 1 GB, preferably 2-4 GB). You would need Terminal Server CALs in addition to the Windows CALs.

Your best bet is probably Google Docs or something like that for all of the shared files. I believe that it will produce a better experience and be cheaper than buying new licenses.

Question has a verified solution.
