Switch User - VPN service question

Pash (Member, Posts: 1,600)
Hi Vista experts!

Well, I made a big boo boo yesterday. Gave a user a laptop without making sure they logged into the domain here first of all. They are at home today trying to work, with no way of logging onto the laptop without us giving them the local admin password.

My question is: if they log on as the local admin account, connect to our VPN network here and then Switch User, will the VPN service still redirect the traffic through the VPN and therefore allow domain authentication? The local host and lmhost files have entries for main DC name resolution already.

If anyone can clear this up, you would be given superstar status from me!

Cheers,

Pash
DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.

Comments

  • sprkymrk (Member, Posts: 4,884)
    We had a very similar situation here once. Users took the laptop to an offsite location 4 hours away without first logging on to our domain.

    I think we did something close to what you are trying but like this:

    Log in as local admin on the laptop.
    Reconfigure the VPN to launch at startup, this way they actually log into the VPN FIRST when the laptop starts with their domain username/pw.

    Restart the laptop, the VPN logon comes up rather than the laptop logon. Log into VPN with domain credentials. This caches their profile on the laptop.

    Reconfigure the VPN back to normal (so it doesn't start automatically).

    Restart or just log off/on.

    HTH :)
    All things are possible, only believe.
  • Pash (Member, Posts: 1,600)
    sprkymrk wrote:
    We had a very similar situation here once. Users took the laptop to an offsite location 4 hours away without first logging on to our domain.

    I think we did something close to what you are trying but like this:

    Log in as local admin on the laptop.
    Reconfigure the VPN to launch at startup, this way they actually log into the VPN FIRST when the laptop starts with their domain username/pw.

    Restart the laptop, the VPN logon comes up rather than the laptop logon. Log into VPN with domain credentials. This caches their profile on the laptop.

    Reconfigure the VPN back to normal (so it doesn't start automatically).

    Restart or just log off/on.

    HTH :)

    Thanks Mark, that is a good suggestion. The user also confirmed this method works:

    Log into the local admin account, connect to the VPN and leave it connected, switch user, and log on using the domain suffix, i.e. TechExams\Pash and password. This authenticated and created the local profile, meaning the user can now use this cached profile when required!
    DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.
  • sprkymrk (Member, Posts: 4,884)
    Ok good to know Pash. Glad you got it working.
    All things are possible, only believe.