Workgroup Machine over VPN to Network

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Gents,

I've got a workgroup machine that has been set up with a VPN connection into the network. Is there any way to set up the machine so that it won't keep prompting me for the network login credentials whenever I access anything?

Ideally I'd just like to enter it once, and have the machine automatically supply the network credentials after that.

Thanks
Fergal

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

When I use the Windows VPN I don't get constantly prompted for credentials, Kerberos / KDC / TGT takes care of it all for me.

There are two ways to use the Windows VPN one is direct logon so you never in fact use a workgroup, the second seems to be a secondary logon with impersonation so you end up being logged onto both a workgroup and a domain.

You do not mention the VPN software you are using, this could have an effect on the matter.

 

It's a windows 7 machine, using the built-in vpn capability.

Unfortunately the machine can't be added to the domain at the moment, so it has to remain on the workgroup.

 

is it a Windows VPN? if so....

• set-up your VPN DUN configuration allowing other people to use this connection.
• reboot

• Crtl + Alt + Del get alternative login screen
• switch user (if needed)
• Click the blue button.
• you should then have a list of DUN configurations
• click the one you need
• Logon with VPN credentials when it connects.
• It will then try to logon to the remote domain using same credentials if it fails you will get another login screen.

 

Thats what I have described above.

 

I think you need to join the machine to the domain in order to use the blue button or primary VPN logon.
The machine will also need to be Windows Professional or Windows Ultimate due to licensing restrictions.
If this is true and Fergal can't join the domain then he is stuck with secondary login, this has some strange effects in that you don't have a full kerberos session, you can check with kerbtray that you in fact do not have the same tickets in your windows ticket cache.

You are authenticated to the domain though and should be able to access domain resources that use SSPI like shared folders.

 

Thanks Guys. Yeah it's the Windows VPN client that is being used.

I think the Windows version is fine, and I think at some point we'll end up joining it to the domain. However at the moment the office is running out of a fairly basic internet connection, and as such we're almost lucky to be able to connect to the network in the first place - let alone do much more. Once our line is installed, and the kit arrives, we should hopefully be able to extend it much further and in a more official capacity.

I'm definately able to access network resources (such as TFS) over the VPN successfully. It just asks me for the login credentials when I do so.

I'll take a poke around tomorrow, see what I can find. Cheers.

 

Not 100%, as I never have tried it myself, but I am sure I read that a PC on a workgroup can use this method to login to a remote domain via VPN. I am also sure it works on Windows 7 Pro and up (but of course that's expected for domain support anyway). Its basically the login via dial up connection from XP. Bare in mind you loose the workgroup when remotely connected.

I may be wrong

[UPDATE] you may have to use "control userpasswords2" and enable ctrl + alt +del for interactive logon on some occasions.

 

Sorry little confused are you wanting to VPN into a workgroup or VPN from a workgroup into a domain?

I presumed the latter.