Hi, On our network we use separate VPN credentials such that if a users VPN account is compromised, it would not provide access to much infrastructure. Typically when we take a laptop out, we log on using the cached credentials for the domain account, then connect to the VPN using the VPN account. So each user has two accounts (eg. VPNBob and Bob). This works fine but of course there is always one user who needs something a bit more challenging.. In this case a user needs to log on and run their logon scripts. I noticed the log onto the domain using VPN option in some articles and ASSUMED that this meant you could establish a VPN using your VPN account and then log onto the workstation using your domain account. That does not work though, instead the machine logs in as your VPN account which accomplishes nothing.. A work around is to then select 'Switch user' while logged in as the VPN account on the workstation and log in as the domain account, which then runs your logon script and things work OK after this. We could log on to the workstation using cached credentials, connect to the VPN and run the logon script, but I'd like to know if there is a way this could all be done in one step, rather then having to switch users/run scripts manually. Thank you!

When comparing first and last statement I see the contradiction. You want to want to break the "two credentials rule" with "one credentials rule". I would recommend different security procedure, not only passwords. From the point of view of topic, I would recommend to place the question in Security forum(s) as it does nothing with networking. Regards milos

When comparing first and last statement I see the contradiction. You want to want to break the "two credentials rule" with "one credentials rule". I would recommend different security procedure, not only passwords. From the point of view of topic, I would recommend to place the question in Security forum(s) as it does nothing with networking. Regards milos

This is not an answer.. I have re-posted the question in the security forum.. There is no contradiction.. We simply want to be able to bring up a VPN connection using VPN credentials, and then log into the workstation using alternate credentials without having to switch users. This makes the logon process easier for the user,but still maintains seperate credentials before domain access is granted. The effect should be the user can log in as Bob as though they were in the office, as they established the VPN before logging in.