I have a WatchGuard M370 Firebox with L2TP and IPSec. My users login to the firebox and then to a terminal server or in some cases their desktops. It's basically a 2 factor system, they login to the firebox and then to the server - I want to keep that. I have a bunch of users who take home laptops and work at home and I'm wondering if there's a way to have my Group Policy enforced while they are on VPN. My VPN is a dmz so it's not actually part of the network, however, if you type and IP address chances are you'll get where you need to go. SO for example my home users connect to a terminal server in the DMZ. They are using Laptops we created here, but if they are not acknowledged on the domain after 60 days I'm having to put them back on the domain because the trust relationship fails. I want to try to avoid this. Is there a way to do it?