Windows 7 log onto domain using different VPN credentials
Hi,
On our network we use separate VPN credentials such that if a user's VPN account is compromised, it would not provide access to much infrastructure. Typically when we take a laptop out, we log on using the cached credentials for the domain account, then connect to the VPN using the VPN account. So each user has two accounts (e.g. VPNBob and Bob).
This works fine, but of course there is always one user who needs something a bit more challenging. In this case a user needs to log on and run their logon scripts. I noticed the "log onto the domain using VPN" option in some articles and ASSUMED that this meant you could establish a VPN using your VPN account and then log onto the workstation using your domain account.
That does not work though; instead the machine logs in as your VPN account, which accomplishes nothing. A workaround is to then select 'Switch user' while logged in as the VPN account on the workstation and log in as the domain account, which then runs your logon script, and things work OK after this.
We could log on to the workstation using cached credentials, connect to the VPN and run the logon script, but I'd like to know if there is a way this could all be done in one step, rather than having to switch users/run scripts manually.
Thank you!
May 28th, 2012 6:29pm
When comparing the first and last statements I see the contradiction. You want to break the "two credentials rule" with a "one credentials rule". I would recommend a different security procedure, not only passwords.
From the point of view of topic, I would recommend placing the question in the Security forum(s), as it has nothing to do with networking.
Regards
milos
May 29th, 2012 2:46am
This is not an answer. I have re-posted the question in the security forum.
There is no contradiction. We simply want to be able to bring up a VPN connection using VPN credentials, and then log into the workstation using alternate credentials without having to switch users. This makes the logon process easier for the user, but still maintains separate credentials before domain access is granted.
The effect should be the user can log in as Bob as though they were in the office, as they established the VPN before logging in.
June 5th, 2012 11:17pm