Small remote office and VPN

Discussion in 'Windows Networking' started by =?Utf-8?B?TWljaGFlbA==?=, Jun 7, 2004.

  1. I have a small remote office with 3 XP and VPN connection to our main office, the bandwidth is 1-3M, I want them using our exchange server, should I let them join our domain, or just run as workgroup? Will the VPN be a problem for user logon? or should I put a DC there (I don't have the budget)
    Thanks for help
    Michael
     
    =?Utf-8?B?TWljaGFlbA==?=, Jun 7, 2004
    #1
    1. Advertisements

  2. =?Utf-8?B?TWljaGFlbA==?=

    Alex Tarata Guest

    Hi Michael,

    Here are my 2 cents: join the XP computers to the domain and make sure that
    cached credentials are used for logons on those computers in case the VPN is
    not available when users try to authenticate to the domain (ie: when they
    log in).

    If the VPN is up and running at all times and your 3 XP boxes are set up
    with the primary DNS server as your Active Directory / DNS server than
    everything should be fine. And certenly there is no need to place a DC
    there, not for 3 workstations.

    Hope this helps.

    Alex


    office, the bandwidth is 1-3M, I want them using our exchange server, should
    I let them join our domain, or just run as workgroup? Will the VPN be a
    problem for user logon? or should I put a DC there (I don't have the
    budget)?
     
    Alex Tarata, Jun 7, 2004
    #2
    1. Advertisements

  3. =?Utf-8?B?TWljaGFlbA==?=

    Alex Tarata Guest

    Hi Michael,

    In the group policy that affects those workstations change the following
    setting to a value greater than the total number of users that would log on
    to the same workstation (for example if 5 people log on to the same
    workstation and you want to use cached credentials for all 5 people then set
    the setting to 5):

    'Computer Configuration -> Windows Settings -> Security Settings -> Number
    of previous logons to cache (in case domain controller is not available)'

    However I think that cached credentials might be used by default but it
    would be safer to explicitely specify it through group policy.

    Hope this helps.
     
    Alex Tarata, Jun 7, 2004
    #3
  4. In addition to the VPN/domain advice - for remote users, it's usually best
    to set up Outlook with an OST file (for offline use) and have the profile
    set to work offline by default - you can set up Outlook to sync
    automatically with the Exchange server in the background while offline.
     
    Lanwench [MVP - Exchange], Jun 7, 2004
    #4
  5. I wouldn't do cached credentials. First the machines have to actually log
    into the domain at least once just to get tham,...and then do it again if
    you lose them. You'd probably have to physically transport the machines to
    where the DC is to do that initially.

    There are more than one kind of VPN....what kind is this?

    If it is Remote Access VPN where each user makes their own
    connection.........
    Make the machines Domain Members. At the Crtl-Alt-Del prompt that user must
    check the box that says "Log on using this dialup connection" and choose the
    VPN Connectiod. It will then activate the VPN first then log the machine
    into the Domain. This is as close as you will get to normal behavor with
    this.

    If it is a Site-to-Site VPN where it is always "up" and the users don't
    activate it nor are even aware of it, then the client machines should behave
    as normal with out doing anything unusual.
     
    Phillip Windell, Jun 7, 2004
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.