  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 252

Offline computer can login as Administrator on domain but not other users

I have a computer that is in another location from the office. It was on a domain and still needs to be part of a domain, and we are trying to set up a VPN connection. The domain Administrator can log in to the computer without being connected to the domain through the VPN. I set up the VPN, started it under Admin, added a new user off the domain, and tried to log in. I cannot. I also cannot log in with a past user that was already on the PC when it was connected to the domain.

Any clues on how I can get a user to authenticate without actually being connected to the domain?
This is a SonicWall TZ 210 with VPN. The VPN works just fine.
Asked by: calitech
 
Steve Knight (IT Consultancy) Commented:
Is the VPN network to network or from this machine connecting in after login to the VPN?

If it is a network to network VPN then the machine will need to be able to connect with the DNS server on one of the domain controllers at the main site.  It sounds like maybe it can't see the DC.

The domain admin login has been cached, and local accounts would work but until it can see the domain properly others will not.

If the VPN is after logon from the machine itself, you are going to need to get it back onto the original network, log in as the user you want, then send it back again IMO.

Steve
 
pwindell Commented:
At the Ctrl-Alt-Del prompt, expand the dialog so that you see the whole thing (it is probably already that way).

"Check" the Check Box that says "Log on with Dialup Connection".

The user will be prompted to choose a "Dialup Connection". VPN IS a dialup technology and will show as an option if you have already created the VPN Connection on the machine and also seen to it that it can be used for Everyone (as opposed to only the Creator).

This allows the VPN to be connected just prior to the user themselves logging into the machine.  This then obviously allows the User's Profile on the machine to be created and cached.   If the VPN drops on the user after they are on the Desktop they can just reconnect the VPN in the normal way and everything is fine.

I run two remote News Offices for a TV station this way. There are only two humans with two workstations in each office, so it does not justify a full Site-to-Site VPN being set up for that.
 
Steve Knight (IT Consultancy) Commented:
pwindell - I assumed, no doubt wrongly, that this was either point-to-point or not standard Windows VPN connections. Curious if you know if you can use the "dial-up" setting with non-built-in VPN software, as I have never tried it that way to know?

Steve
 
pwindell Commented:
It just depends on if it shows up as a Dialup Connection option that you can pick from. You'll just have to try it and see. That is the fatal downfall of a lot of 3rd party products... many times they want to act like and brag that they are better than Microsoft, but then they turn around and fail in critical areas.
 
asavener Commented:
The admin can log in because it is using the cached credentials.

To get the regular user logged in, you have to set the VPN up as being available for all users and then select the option at login to use a dialup connection.
 
pwindell Commented:
That's what I said :-)
 
calitech (Author) Commented:
Thanks