Re: Synchronizing domain membership via VPN

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/28/05

  • Next message: Karl Levinson, mvp: "Re: Network Services accessed after account disabled" 
    Date: Thu, 27 Oct 2005 18:24:41 -0500

    Try to have them logon to the VPN before they logon to their computer by
    selecting the option to logon via dialup connection which they may not see
    until they select the options box. When they do that they will be prompted
    to select the VPN connectoid to logon with. I am not sure it will work but
    it is worth a try. If that works they will be in the local administrators
    group until at least they logoff and then logon again via the same option
    assuming they are removed from the group by then. --- Steve

    <o_jay83@hotmail.com> wrote in message
    news:1130374315.380467.41550@g14g2000cwa.googlegroups.com...
    > Company policy has dictated no-one is allowed to be a local
    > administrator on their computer. Sometimes we need to allow select
    > users to be administrators temporarily to install some software on
    > their computers or to work with a program that will not function
    > without admin rights.
    >
    > When they are on the network this is achieved by putting them into a
    > temp admin group (the temp admin group is in their local administrators
    > group). Once they log off and on again they have their admin rights.
    > After a predetermined amount of time they are removed from the temp
    > admin group.
    >
    > The problem occurs however when they are not in the office. We can add
    > them to the group but even if they connect to VPN their membership in
    > the temp admin group is not recognized. Is there a way to force
    > synchronize security information such as this after logon if they are
    > connected to VPN... or for that matter if they are connected to the
    > network so they don't have to log off and on?
    >

  • Next message: Karl Levinson, mvp: "Re: Network Services accessed after account disabled"

    Relevant Pages

    • RE: SBS Standard VPN Setup using L2TP
      ... I understand that the login script is not applied when users logon through ... Windows" dialog box and choose an appropriate connection to gain access to ... and then logon by using dial-up connection option after you create the VPN ... Did you configure a login script group policy in AD or configure a logon ...
      (microsoft.public.windows.server.sbs)
    • Re: Bypass Domain GPO when not connected to network?
      ... There is an option to logon via dial up connection ... choose the VPN connectoid. ... them how to use secedit/gpupdate to refresh computer configuration policy ...
      (microsoft.public.win2000.security)
    • Re: offline files and vpn
      ... Perhaps try establishing the VPN connection PRIOR to logging into your ... Options>> Windows Logon Properties ... The folder is set up for offline use. ...
      (microsoft.public.windowsxp.work_remotely)
    • Where are VPN Connections in Windows Logon Dialog Box?
      ... up connection" in the Windows XP Logon Screen, ... The workstation then dials in to the RAS server, ... No we are implementing a Windows 2003 RAS Server with VPN over IPSec for our ...
      (microsoft.public.windowsxp.work_remotely)
    • Logon to domain through VPN
      ... I have a windows xp PC try to logon to the domain controller remotely ... through VPN connection, failed. ... password, after two prompt, it just dropped connection. ...
      (microsoft.public.windowsxp.work_remotely)