Logon without authenticating with the DC

We have a number of XPe machines whose Domain Controller (Win 2003 Server)
is located over a VPN. Sometimes the logins are very slow and I'm
investigating possible solutions for this. I'm aware that there are various
reasons for this problem.

Is it possible for a user to log in to the domain without establishing any
connection to the Domain Controller? Is there a setting somewhere that can
control this?

The user and running applications would still need access to the local and
remote resources. For example, SQL replication and MSMQ remote public
queues.

Chris

I don't think there is.
I'm not sure if there's any change with W2K3, but when we did design for our
branch office environment, one of the key questions we asked was are there
any local resources in the domain. This was because we had no straightforward
way for this to be done without logon to the domain.

Gordon

"Chris" wrote:

> We have a number of XPe machines whose Domain Controller (Win 2003 Server)
> is located over a VPN. Sometimes the logins are very slow and I'm
> investigating possible solutions for this. I'm aware that there are various
> reasons for this problem.
>
> Is it possible for a user to log in to the domain without establishing any
> connection to the Domain Controller? Is there a setting somewhere that can
> control this?
>
> The user and running applications would still need access to the local and
> remote resources. For example, SQL replication and MSMQ remote public
> queues.
>
>
>

I am not sure that I follow this. What exactly do you think a domain
login does?

To make a domain login, you need to access the security database for the
domain (to verify your username and password, etc). The only way to do this
is to find a domain controller. The login operation doesn't involve anything
beyond this. If your domain is set up to so that clients run a logon script,
then that is a different matter. But it is not part of the domain logon
process.

On the slow login question, do you have a LAN to LAN VPN connection, or
are the clients "dialup" type VPNs?

Chris wrote:
> We have a number of XPe machines whose Domain Controller (Win 2003
> Server) is located over a VPN. Sometimes the logins are very slow
> and I'm investigating possible solutions for this. I'm aware that
> there are various reasons for this problem.
>
> Is it possible for a user to log in to the domain without
> establishing any connection to the Domain Controller? Is there a
> setting somewhere that can control this?
>
> The user and running applications would still need access to the
> local and remote resources. For example, SQL replication and MSMQ
> remote public queues.

"Chris" <(E-Mail Removed)> wrote in message
news:%234gIFL$(E-Mail Removed)...
> We have a number of XPe machines whose Domain Controller (Win 2003 Server)
> is located over a VPN. Sometimes the logins are very slow and I'm
> investigating possible solutions for this. I'm aware that there are
various
> reasons for this problem.
>
> Is it possible for a user to log in to the domain without establishing any
> connection to the Domain Controller? Is there a setting somewhere that
can
> control this?
>
> The user and running applications would still need access to the local and
> remote resources. For example, SQL replication and MSMQ remote public
> queues.

First, the primary answer is a big fat NO.

Second. The slow logon issue is most likely caused by improperly designed
DNS "scheme". It can also be caused by "Roaming Profiles", but I have a
feeling you are not using those.

Every machine on the network should use the DC's DNS (even the DC itself).
The ISP's DNS should not appear on any machine. You then add the ISP's DNS
to the Forwarder's List in the configuration of the DNS Service itself.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

If the VPN server is a domain member then you must authenticate to the
domain. If it is authenticating users to it's local user database [not
likely] then it would be possible to authenticate to the VPN server and then
authenticate to the local sam of domain computers but I seriously doubt that
this will solve anything. Look in the Event Viewer of the VPN clients and
the VPN server for any pertinent messages that may help explain the problem.
If you are using pptp or l2tp exclusively [not both] try configuring the VPN
connectoid one of the XP computers to use the correct type of server
l2tp/pptp and NOT automatic. Group Policy and logon scripts can slow down
VPN logon which you can manage via " slow link detection" settings as shown
in the link below. Sometime MTU settings need to be tweaked for VPN
connections particularly if DSL/ADSL is being used. --- Steve

http://support.microsoft.com/?id=227260

"Chris" <(E-Mail Removed)> wrote in message
news:%234gIFL$(E-Mail Removed)...
> We have a number of XPe machines whose Domain Controller (Win 2003 Server)
> is located over a VPN. Sometimes the logins are very slow and I'm
> investigating possible solutions for this. I'm aware that there are
> various
> reasons for this problem.
>
> Is it possible for a user to log in to the domain without establishing any
> connection to the Domain Controller? Is there a setting somewhere that
> can
> control this?
>
> The user and running applications would still need access to the local and
> remote resources. For example, SQL replication and MSMQ remote public
> queues.
>
>

If the number of users are located in the same location: simply put a DC near
the users and make it a Global Catalog. If the number of users are separated
from each other that's different; but putting a extra (slow) computer as DC
as a GC, will increase logon times and decrease network resource search times.

Savvy95
MCT, MCSE, MCDBA, CCNA

"Chris" wrote:

> We have a number of XPe machines whose Domain Controller (Win 2003 Server)
> is located over a VPN. Sometimes the logins are very slow and I'm
> investigating possible solutions for this. I'm aware that there are various
> reasons for this problem.
>
> Is it possible for a user to log in to the domain without establishing any
> connection to the Domain Controller? Is there a setting somewhere that can
> control this?
>
> The user and running applications would still need access to the local and
> remote resources. For example, SQL replication and MSMQ remote public
> queues.
>
>
>