Laptops and Domain Controllers: The Connection Dilemma


  • Laptops and Domain Controllers: The Connection Dilemma

    Background: 2K3 domain, XP Pro clients

    We've got a certain classification of users that never come into an office with a DC, or into an office w/ a VPN to a network w/ a DC. They work in the field at random locations. So, we've set them up on laptops off the domain.

    We're thinking about how we can set up these laptops on the domain, and have them occasionally authenticate w/ the domain, but without a VPN client on each laptop. Has anyone heard of something like this?
    ** Remember to give credit where credit is due and leave reputation points where appropriate **

  • #2
    Re: Laptops and Domain Controllers: The Connection Dilemma

    How much security are you looking for?
    Is it OK if the computer account passwords never expire?

    This is what I'm thinking you might could do:
    -Setup a new domain in a new forest
    -Configure a forest trust so the laptops will be able to access resources in the main forest
    -Configure the computer account passwords to never expire

    Kinda crazy, no?
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    • #3
      Re: Laptops and Domain Controllers: The Connection Dilemma

      Originally posted by Wired
      Background: 2K3 domain, XP Pro clients

      We've got a certain classification of users that never come into an office with a DC, or into an office w/ a VPN to a network w/ a DC. They work in the field at random locations. So, we've set them up on laptops off the domain.

      We're thinking about how we can set up these laptops on the domain, and have them occasionally authenticate w/ the domain, but without a VPN client on each laptop. Has anyone heard of something like this?
      I have seen this exact question somewhere before. I wish I had seen the answer to it.
      1 1 was a racehorse.
      2 2 was 1 2.
      1 1 1 1 race 1 day,
      2 2 1 1 2

      • #4
        Re: Laptops and Domain Controllers: The Connection Dilemma

        Why without a VPN Client? With a natting VPN client which is hosted at your company firewall they could authenticate every day. It's still a good idea to have their passwords without expiry (the user, not the machine this time) because some VPN solutions are not good at delivering the Domain's messages about password expiry to the client.

        Without a VPN client you would need a second domain (in the DMZ of your company network I would have thought???) for them to log into from the Internet.


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you

        • #5
          Re: Laptops and Domain Controllers: The Connection Dilemma

          Originally posted by Stonelaughter
          Without a VPN client you would need a second domain (in the DMZ of your company network I would have thought???) for them to log into from the Internet.
          Yes, a second domain but in a different forest. That way you will have an administrative boundary between the domains. You wouldn't want your internal forest exposed like it would be if the 2nd domain was in the same forest.
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com

          • #6
            Re: Laptops and Domain Controllers: The Connection Dilemma

            If the laptops are all using XP Pro, is there any reason why you would not want to use the PPTP VPN client that is already integrated into XP?

            With RRAS on Server 2003 configured to answer PPTP VPN requests, all you have to open up is port 1723 for your users to connect remotely. Your tunnel is encrypted, plus you can encrypt the data.
            Network Engineers do IT under the desk
