Using cached credentials

HELP! I started working this new job several months ago. I have about 50
users that work from home regularly. I have them logging into their laptops
using their cached credentials and that works great. They use Cisco VPN
client and they are able to RDP into their workstations at work. However, we
would like them not to RDP into their workstation so that they can have
access to the network drives. We want them to use cached credentials to
login to the laptop, use our VPN client and then access their network drives.
I created a script to map these network drives automatically but the network
indicates it requires user credentials and passwords (which would be okay)
but when we put in the user's id and password it responds that the user is
already logged into the system and can't login twice. We were able to get
everything to work if we logged into the computer using a local account, VPN
into the network and then used the user's id and password. I am sure it is
probably a local computer policy but can't seem to figure it out. Any help
is appreciated.

Joey <(E-Mail Removed)> wrote:
> HELP! I started working this new job several months ago. I have
> about 50 users that work from home regularly. I have them logging
> into their laptops using their cached credentials and that works
> great. They use Cisco VPN client and they are able to RDP into their
> workstations at work.

Well and good.

> However, we would like them not to RDP into
> their workstation so that they can have access to the network drives.
> We want them to use cached credentials to login to the laptop, use
> our VPN client and then access their network drives.

Oh my heavens, why? The performance for any kind of file access over VPN is
not going to be great, even with smallish files. You are *much* better off
continuing to use RD - whether to their desktops, or to a Terminal Services
box (better still).

> I created a
> script to map these network drives automatically but the network
> indicates it requires user credentials and passwords (which would be
> okay) but when we put in the user's id and password it responds that
> the user is already logged into the system and can't login twice.
> We were able to get everything to work if we logged into the computer
> using a local account, VPN into the network and then used the user's
> id and password. I am sure it is probably a local computer policy
> but can't seem to figure it out. Any help is appreciated.

I'm presuming the passwords haven't been changed on the server & not updated
on the client, and that your DHCP/RAS server is giving them the correct IP
info (no public DNS servers, for one).

When the user has the VPN tunnel enabled, make sure they can ping the server
by name (meaning, they can ping SERVERNAME and get a reply from
SERVERNAME.domain.com).

I personally like to 'delete all' ... then remap without creating a
persistent connection, so I'd then have them try:

net use * /del
net use x: \\server\share /persistent:no

But again, I don't think this is going to be a good solution for most users,
unless you are having them connect, sync to offline files via one of many
methods, and have them work on the local copy. TS/RD is so much more
efficient where bandwidth is concerned; all that's getting sent across the
wire are mouse/keyboard info & screenshots.

I am not sure the issue. After they establish VPN and do "net use \\servername\sharename", what's the system error?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Joey" <(E-Mail Removed)> wrote in message news:7370B9FD-C212-4D91-A423-(E-Mail Removed)...
HELP! I started working this new job several months ago. I have about 50
users that work from home regularly. I have them logging into their laptops
using their cached credentials and that works great. They use Cisco VPN
client and they are able to RDP into their workstations at work. However, we
would like them not to RDP into their workstation so that they can have
access to the network drives. We want them to use cached credentials to
login to the laptop, use our VPN client and then access their network drives.
I created a script to map these network drives automatically but the network
indicates it requires user credentials and passwords (which would be okay)
but when we put in the user's id and password it responds that the user is
already logged into the system and can't login twice. We were able to get
everything to work if we logged into the computer using a local account, VPN
into the network and then used the user's id and password. I am sure it is
probably a local computer policy but can't seem to figure it out. Any help
is appreciated.

"Lanwench [MVP - Exchange]"
<(E-Mail Removed) hoo.com> wrote in message
news:(E-Mail Removed)...
> Joey <(E-Mail Removed)> wrote:
>> HELP! I started working this new job several months ago. I have
>> about 50 users that work from home regularly. I have them logging
>> into their laptops using their cached credentials and that works
>> great. They use Cisco VPN client and they are able to RDP into their
>> workstations at work.
>
> Well and good.
>
>> However, we would like them not to RDP into
>> their workstation so that they can have access to the network drives.
>> We want them to use cached credentials to login to the laptop, use
>> our VPN client and then access their network drives.
>
> Oh my heavens, why? The performance for any kind of file access over VPN
> is not going to be great, even with smallish files. You are *much* better
> off continuing to use RD - whether to their desktops, or to a Terminal
> Services box (better still).
>
>> I created a
>> script to map these network drives automatically but the network
>> indicates it requires user credentials and passwords (which would be
>> okay) but when we put in the user's id and password it responds that
>> the user is already logged into the system and can't login twice.
>> We were able to get everything to work if we logged into the computer
>> using a local account, VPN into the network and then used the user's
>> id and password. I am sure it is probably a local computer policy
>> but can't seem to figure it out. Any help is appreciated.
>
> I'm presuming the passwords haven't been changed on the server & not
> updated on the client, and that your DHCP/RAS server is giving them the
> correct IP info (no public DNS servers, for one).
>
> When the user has the VPN tunnel enabled, make sure they can ping the
> server by name (meaning, they can ping SERVERNAME and get a reply from
> SERVERNAME.domain.com).
>
> I personally like to 'delete all' ... then remap without creating a
> persistent connection, so I'd then have them try:
>
> net use * /del
> net use x: \\server\share /persistent:no
>
> But again, I don't think this is going to be a good solution for most
> users, unless you are having them connect, sync to offline files via one
> of many methods, and have them work on the local copy. TS/RD is so much
> more efficient where bandwidth is concerned; all that's getting sent
> across the wire are mouse/keyboard info & screenshots.
>


You could get around the credentials problem by using the "Log in using
a dualup connection" option in the login dialog box. Instead of doing a
local login first, the user logs into the domain as a remote user. But like
Lanwench I can't imagine why you would want to use that method instead of
RDP/TS. If you think VPN gives you extra security, set up a VPN connection
an then run terminal services across the VPN link. That way only the KVM
data has to cross the VPN link.

Part of the reasoning for having these folks have laptops is that in case of
disasters (where building is not available) we want them to login to our
backup server that is located about 30 miles away.

"Robert L [MVP - Networking]" wrote:

> I am not sure the issue. After they establish VPN and do "net use \\servername\sharename", what's the system error?
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "Joey" <(E-Mail Removed)> wrote in message news:7370B9FD-C212-4D91-A423-(E-Mail Removed)...
> HELP! I started working this new job several months ago. I have about 50
> users that work from home regularly. I have them logging into their laptops
> using their cached credentials and that works great. They use Cisco VPN
> client and they are able to RDP into their workstations at work. However, we
> would like them not to RDP into their workstation so that they can have
> access to the network drives. We want them to use cached credentials to
> login to the laptop, use our VPN client and then access their network drives.
> I created a script to map these network drives automatically but the network
> indicates it requires user credentials and passwords (which would be okay)
> but when we put in the user's id and password it responds that the user is
> already logged into the system and can't login twice. We were able to get
> everything to work if we logged into the computer using a local account, VPN
> into the network and then used the user's id and password. I am sure it is
> probably a local computer policy but can't seem to figure it out. Any help
> is appreciated

Joey <(E-Mail Removed)> wrote:
> Part of the reasoning for having these folks have laptops is that in
> case of disasters (where building is not available) we want them to
> login to our backup server that is located about 30 miles away.

Does that backup server have replicated data files from your main server?

There's no reason they can't do both, you know - use RD whenever
possible,VPN-based file access when necessary. VPN can secure both.
>
> "Robert L [MVP - Networking]" wrote:
>
>> I am not sure the issue. After they establish VPN and do "net use
>> \\servername\sharename", what's the system error?
>>
>> Bob Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN Troubleshooting on
>> http://www.ChicagoTech.net
>> How to Setup Windows, Network, VPN & Remote Access on
>> http://www.HowToNetworking.com "Joey"
>> <(E-Mail Removed)> wrote in message
>> news:7370B9FD-C212-4D91-A423-(E-Mail Removed)... HELP!
>> I started working this new job several months ago. I have about
>> 50 users that work from home regularly. I have them logging into
>> their laptops using their cached credentials and that works great.
>> They use Cisco VPN client and they are able to RDP into their
>> workstations at work. However, we would like them not to RDP into
>> their workstation so that they can have access to the network
>> drives. We want them to use cached credentials to login to the
>> laptop, use our VPN client and then access their network drives. I
>> created a script to map these network drives automatically but the
>> network indicates it requires user credentials and passwords
>> (which would be okay) but when we put in the user's id and
>> password it responds that the user is already logged into the
>> system and can't login twice. We were able to get everything to
>> work if we logged into the computer using a local account, VPN into
>> the network and then used the user's id and password. I am sure it
>> is probably a local computer policy but can't seem to figure it out.
>> Any help is appreciated