need an advise for domain setup

Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory

Author: poorprince PostPosted: Fri Dec 10, 2010 9:10 pm    Post subject: need an advise for domain setup
    ----
I have setup a domain envoirment and create vpn setup. most of our office users are worked remotley and now connect with office network using vpn and use domain resoures like file and print sharings etc.
my ques is
is that possible the remote users join domain and use domain resources like normal users in lan, they dont need to enter domain/account passowrd every time when they use domain resources like servers etc.
if i connect a remote system on domain then how overcome there login issues when they are on remote locations.

Author: Bannerd PostPosted: Thu Dec 23, 2010 1:55 pm    Post subject:
    ----
Yes, a better way to do it is to have them login to the domain right on login. If you're new to VPN and need a quick fix, look into sonicwall VPN-2000 server box. If you want something more secure look into fortinet, they have some really nice devices that can do exactly what you're wanting.

We use openVPN here but it's a bit complicated to setup. If you have the time I would suggest you go this route as it really helps explain the process. There is no reason that a user cannot login to the domain on login and use the DNS resources on your network.

Author: WeaverLocation: WI, USA PostPosted: Sat Jan 22, 2011 2:45 am    Post subject:
    ----
Windows will first try to authenticate to a resource using the *current* logged in user credentials, unless other credentials are specified in "Windows Vault." This goes for SMB/CIFS file shares, printing, and even Internet Explorer if presented with an NTLM challenge on a website.

This behavior is part of the Windows Single Sign-On (SSO) paradigm.

An Active Directory Domain is many things, one of which is central yet distributed database of credentials, both user and machine.

If the remote workstation is a member of the domain and the user signs in the computer with domain credentials then whenever that user attempts to access resources the domain credentials will be attempted first.

If both user and resource (shares, printers, etc.) are members of the same domain, they can authenticate each other (Kerberos, NTLM), and then check whether access is permitted or denied based on permissions that have been assigned to the resource.

To make a remote access paradigm smooth:



-Weaver



Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group