Sometimes you don't really have a choice, as it makes good business sense to allow it.
A VPN can be configured to allow appropriate-only access. It does not have to be synonymous with a free-for-all connection. The TS solution has licensing implications, as well. Hopefully, 5 weeks is enough time for you to get the nuances of this solution in place. I would recommend ensuring that the VPN is a viable plan B, in case there are some issues. I can almost foresee that you'll be supporting both on the 17th... *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz <[email protected]>wrote: > I would never, ever, allow non-company-managed PCs to connect to our VPN. > As you think, that’s just asking for all kinds of trouble. > > > > Since most of your home users won’t have MS Office on their home PCs, > they’ll get more done if you give them TS access to your standard corporate > suite of applications. I’m not sure how you could give the users RDP to > their actual desktop PCs if the PCs are in a moving van headed to your new > offices. > > > > -Malcolm > > > > *From:* David Lum [mailto:[email protected]] > *Sent:* Wednesday, November 10, 2010 15:17 > *To:* NT System Admin Issues > *Subject:* Terminal Server or VPN? > > > > In a few weeks (Dec 17th) we’ll be having a massive “work from home” day > (200-ish users, because we’re moving our office to a different city) and we > have the option of standing up some Terminal Servers or just running with > VPN. Most users are expected to just want MS Office apps and Internet > Explorer. Several (a couple dozen) will also want RDP access to their > desktops. > > > > We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand > up more 2008 TS servers. I have no experience setting up TS farms or getting > them available for ability to his via Internet, although both of these > appear to be pretty straightforward. I am also under the impression that TS > via Internet uses less bandwidth than a straight-up VPN connection. > > > > VPN is already established but we’ll certainly have many users using their > home PC that don’t currently have VPN configured and would much rather have > them connect via Terminal Server than install, configure and then connect an > unknown system - from a security/patched/AV standpoint - to VPN. > > > > I think it’s kind of six of one half dozen of another as far as overall > effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN… > > *David Lum** **// *SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 *// *(Cell) 503.267.9764 > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
