Solved

VPN Access w/o Domain Account

Posted on 2013-01-31
8
714 Views
Last Modified: 2013-02-01
Is it possible to log into an SBS 2011 or Server 2012 Essentials server using VPN without a domain user account?
Can they do it with a local account?
0
Comment
Question by:cliffordgormley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 38842064
There has to be a domain account on the SBS so thy can authorize.  There are no local accounts on a domain controller.  However the remote PC does not need to be a member of the domain.
0
 
LVL 96

Assisted Solution

by:Experienced Member
Experienced Member earned 250 total points
ID: 38842108
I always prefer a hardware VPN box. That way, any authorized person can have VPN access to the network. Server access is then a matter of have a user id and proper credentials.

... Thinkpads_User
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 38842139
I would agree a VPN appliance/router is a much better solution from a security, perfomance, and managbility point of view, but I should ask why do you need a VPN.  There are a few reasons but with both of your server options you can access the server, PC's on the LAN, and shared folders using Remote Web Access and SSL, which is built-in and offers security advantages over a VPN.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:cliffordgormley
ID: 38842552
This question is an addition to this one here - http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_28016263.html

Since the users will have various OS's, including various Mac versions, they will have limited functionality with the server. So I'm not entirely sure if they will have Remote Web Access available to them.

So just to confirm. The best option would be a seperate VPN box that would allow them access through User ID and Credentials though it is possible for the remote pc's to access files on the server through VPN w/o them being part of a domain?
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 38842649
Looking at the other question, are these local or remote users?  A VPN is used for remote users accessing files.  If so yes any computer can access the server MAC, Linux, Windows home or pro using a VPN.
Every user does need a domain account to access but the PC does not have to join the domain.

In order to use RWA they must be Windows machines, home or pro, as they require Active-X which is not supported in other browsers.

In the other question you mention SBS 2011.  You are aware it will be discontinued in June through all but OEM channels, and those in December?
Server 2012 Essentials does not use Exchange but has better integration with Windows and MAC computers as well as pro of course.
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 38843478
If you have a VPN appliance, then you can do what you want above.

If you wish to use SBS2011 instead of a VPN appliance, then you need to follow RobWill's approach.  
... Thinkpads_User
0
 

Author Closing Comment

by:cliffordgormley
ID: 38843943
Thanks for the answers! I will be looking into both options for the user and actually pushing towards Server 2012 Essentials.
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 38843965
@cliffordgormley - You are most welcome. I was happy to help and good luck going forward.

.... Thinkpads_User
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question