  • Status: Solved

How can I make a Win XP SP3 computer sync its logon with a SBS 2011 server at a remote site without using a VPN?

I have a Windows XP computer at a remote site that is part of a Small Business Server 2011 domain. This computer was joined to the SBS 2011 domain in the main office and the user logged onto it there.

Now the user has moved to a remote office. While this remote office does have internet access, it doesn't have access to the SBS 2011 domain controller at the main office since there is no hardware or software VPN available.

I recently changed the user's Active Directory password. While she is able to use this new password to log on to Outlook 2007 (which uses an Outlook Web Access connection), once she logged off of the Windows XP computer and then tried to log back on with her new password, she has been unable to log back on.

Is there any way that I can set a Windows XP computer to connect to the Server 2011 Small Business Server domain controller using some sort of web authentication (similar to OWA) which is being used for Outlook authentication?

I know that the easiest way of fixing this issue would be by implementing hardware VPN or a VPN connection from the windows XP computer to the Server 2011 for Small Business Server, but unfortunately neither option is available to me.

Please let me know how I can get the Windows XP computer to synchronize the user's Active Directory domain password with the Server 2011 for Small Business Server.

Asked by: Knowledgeable

bill_lynch Commented:
Have the user overnight the laptop, sync it, and then overnight it back over a weekend...

Knowledgeable (Author) Commented:
Are there any other ways of doing this?

The PC is actually a desktop.

bill_lynch Commented:
I don't think so. The PC needs to be able to talk to Active Directory. Is it possible to set up a temporary VPN? Here are some instructions:

http://blog.ronnypot.nl/?p=693

Knowledgeable (Author) Commented:
The problem is that port 1723 is blocked on the firewall and I don't have the username or password to open this port on the router.

bill_lynch Commented:
http://openvpn.net/

You can use this to set up an SSL VPN, i.e. over the web. As long as ports 80 and 443 are open on your firewall you should be good.

johnb6767 Commented:
Are there any other logons cached on this box? Even a local admin password?

If so, once you log on locally and connect to the VPN, you can do a Shift+Right-Click > Run As... on anything like C:\Windows\system32\cmd.exe, and then use her NEW password (the current password in AD), and once it launches, you just updated her CACHED logon. She should be fine.....

Or try unplugging the LAN cable and see if the cached account might still work enough to get her in.....

Rob Williams Commented:
Your only option is a VPN or to visit the site.

The other catch is the VPN must be available at logon, i.e. before you log on to the workstation. If that were not the case you could use something like Hamachi's VPN or Open DNS. If you use the Windows VPN, at logon when you press Ctrl+Alt+Del there is an option to connect using dial-up. Selecting this allows you to choose the Windows VPN, which will connect and then allow the workstation to connect and authenticate to the domain. If the VPN is not first connected you are actually using cached credentials and not authenticating to the domain. You mention you do not have access to configure port forwarding, so this is not an option.

The other, and better, option is a site-to-site VPN so the domain is always available, but I am guessing this is not an option either.

I assume though the existing cached credentials should work on the workstation? It's just that you cannot sync to update the password.

Knowledgeable (Author) Commented:
Does anyone else know of any third-party websites or programs that can do this?

This is an issue that I run into quite often as an independent IT consultant.

Rob Williams Commented:
If it is quite often, why not make deploying a VPN a standard procedure?

Knowledgeable (Author) Commented:
Because I encounter this with lots of different customers, not just a single customer in one remote location.

This happens quite a bit when people work from home while their home office is in a different state.

Rob Williams Commented:
But if you manage their networks, setting up a VPN takes less than 10 minutes.

KeithAtAzure Commented:
LogMeIn has a product called Hamachi, which is a VPN that is fairly simple to set up. I too am an independent consultant and use this at various client sites.