You need a remote access policy. The only way to truly enforce it is to provide hardware firewalls, host-based intrustion detection systems, firewalls and anti-virus software as well as the serves to configure them accordingly. Then and only then enabling users for remote access to the corporate network. An alternative would be to make software available for download and installating (pre-configured) and use a state checking/quarantine system to allow or disallow computers from establishing remote access sessions based on policies. This is more expensive and complex but reduces expense and administrative overhead in the long run.