Internal VPN Clients Can Still See Domain Objects After Disconnect

My company is running a RAS server that is Windows Server 2003 SP1. All of
our clients, laptop and desktop are all XP Professional. We have several
off-site employees that use our internal VPN when they come into the office.
It has been discovered that once they have established a VPN connection and
the disconnected, they can still access files, folders, printers, etc.
without having to authenticate. If they log off their laptops and logon
again and try to access domain objects without using VPN first, they cannot
do so. I take it that this is not typical behavior and if not, then how can
this issue be resolved?

What issue exactly? VPN (or any remote access system) works in a
different way from a LAN connection, and is not covered by the same rules.
Remote users are covered by remote access policies, not domain policies.
They do not even need to be domain members or log on to the domain.

Lee wrote:
> My company is running a RAS server that is Windows Server 2003 SP1.
> All of our clients, laptop and desktop are all XP Professional. We
> have several off-site employees that use our internal VPN when they
> come into the office. It has been discovered that once they have
> established a VPN connection and the disconnected, they can still
> access files, folders, printers, etc. without having to authenticate.
> If they log off their laptops and logon again and try to access
> domain objects without using VPN first, they cannot do so. I take it
> that this is not typical behavior and if not, then how can this issue
> be resolved?