I may be missing something basic during this discussion. Please help me with understanding.
Generally, it makes sense that an inability to access domain resources will cause a lengthy and error-filled login process.
Question 1:
Why doesn't it happen all of the time to off-site laptops if the user logs in with a domain account?
There must be a critical decision point during login where the OS decides whether or not to pursue full domain authentication.
Question 2:
If VPN is needed, then does the Microsoft client have an Auto-Init function similar to chapter 3 of http://www.netometer.com/books/vpnclient.pdf ?
Yes, but possibly not like you are thinking. The problem with a layer-7 product is that layer-7 has to be initiated. This means that the client/server must be fully initialized before the application can take effect thereby limiting some of what you can and can't do. For this functionality, check out ipsec vpn's can do for you. You can set them up between the computer and the resources if you choose. Doing this across firewalls is a little more tricky, but can also be done such that when the client logs onto the workstation, the tunnel is already setup.
Thank you.
Richard
