Answers in-line

On 6/5/06, Richard Kline <[EMAIL PROTECTED]> wrote:

I may be missing something basic during this discussion.   Please help me with understanding.

  Generally, it makes sense that an inability to access domain resources will cause a lengthy and error-filled login process. 

  Question 1:

Why doesn't it happen all of the time to off-site laptops if the user logs in with a domain account?

 
 
[Al] Laptops have a nasty habit of giving users a pop-up that they subsequently ignore with alarming regularity. This occurs when the laptop alerts said user that no network DCs were found and that the user is using cached credentials to authenticate. If you further don't change passwords in the domain on a regular basis, then you may never notice this.

There must be a critical decision point during login where the OS decides whether or not to pursue full domain authentication.

 

Question 2:

If VPN is needed, then does the Microsoft client have an Auto-Init function similar to chapter 3 of   http://www.netometer.com/books/vpnclient.pdf ?

Yes, but possibly not like you are thinking. The problem with a layer-7 product is that layer-7 has to be initiated. This means that the client/server must be fully initialized before the application can take effect, thereby limiting some of what you can and can't do. For this functionality, check out what IPsec VPNs can do for you. You can set them up between the computer and the resources if you choose. Doing this across firewalls is a little more tricky, but can also be done such that when the client logs onto the workstation, the tunnel is already set up.

 
Does that help you understand the conversation a little better? Suffice it to say, the organization that he works in set up firewalls between the user workstations/laptops and the domain controllers. What the reason is or the effectiveness of the decision is not really important to the conversation. That's a red herring and purely a debatable portion of another conversation.

 
 

Thank you.

 

Richard

 

 

 

