Add to the domain or not

Hi all - I'm in a quandary - we have a new President and he will be working out of a remote office with no file server; the only access they will have back to the home office is with VPN. Now he will spend time at the home office (not sure how much but he will be here sometimes) so here's the question: Do I put his laptop in the domain or not (there will be a docking station at the home office for him to use)? Will it help when he makes the VPN connection to be part of the domain or cause problems? I'm torn which way to go - for setup and configuration, security etc., being part of the domain is easier (ok - so it forces them to log into the computer rather than have it boot up with no password). But being in a remote office, not sure if it will cause him (or me) problems. My gut check is to go ahead and put the computer on the domain - even if he only is here for a few weeks out of the year - but I'm just not sure if that is the best solution. So I ask for all of your input. Thanks!! Lirria

Answer Wiki

For security and consistency, have him as part of the domain and access through the VPN. If he has to access shares, it is better for you to control all the security; after all, you are probably already responsible for anything that goes wrong.

Discuss This Question: 4  Replies

  • PDMeat
    I would say add him to the domain, but be careful which GPOs and policies will apply to him, watch out what logon scripts do, and make sure you put his subnet in AD Sites and Services. A big concern will be password policy. If he misses changing his password and it expires because he's been offline for a while, depending on how the VPN works when he connects, he might get bounced trying to reach some resources. Also, set up his antivirus to be a self-managing client if you have a centralized server for others, since he may have issues updating over VPN. Sometimes it's just slow. If he is using a software VPN client to connect, you should block local LAN access in case he travels or goes home and connects a foreign subnet up on your network through his PC VPN. (Blocking local LAN access will have other consequences though, like slow internet access.)
  • Spadasoe
    Definitely put him in the domain. If you have a good GPO structure, you want that applied to all your machines. Have you considered a branch office setup for the VPN? Site-to-site VPNs are relatively economical and easy to set up. Look at the PIX 501 for a possible solution. I have 6 of these deployed and they are easy to administer once configured.
  • Lirria
    I was actually considering setting up the firewall (not yet installed at that location) to have a static tunnel to us - figured that would make life much easier for me in the long run, and since there are only going to be 5-10 people at the location, not too bad. And that way they don't have to use the VPN connection when they are in the office. Sounds like the overall consensus is to add the computer to the domain - so I'll do that. When the new location actually gets the data installed, the new firewall will go there and be configured back to us and we should be set (ok - keeping my fingers crossed - the 2 new offices have been nothing but trouble up to now). Thanks for all the great advice!! Lirria
  • Owenmpk
    I will weigh in on this also. If you are using Cisco VPN 3000, I would also set up a firewall as a VPN concentrator. With this config, laptop users will be able to connect from anywhere in the world to the office. The client runs as a service, so you can configure it to connect before domain/system logon; this way passwords, updates etc. are always run for your remote systems. I know this works very well because I deployed 5 concentrators worldwide for 1400 users and supported them for 6 years, and the setup was very stable. We used SecurID tokens for VPN authentication.
