Synchronizing domain membership via VPN

o_jay83

Company policy has dictated no one is allowed to be a local
administrator on their computer. Sometimes we need to allow select
users to be administrators temporarily to install some software on
their computers or to work with a program that will not function
without admin rights.

When they are on the network this is achieved by putting them into a
temp admin group (the temp admin group is in their local administrators
group). Once they log off and on again they have their admin rights.
After a predetermined amount of time they are removed from the temp
admin group.

The problem occurs however when they are not in the office. We can add
them to the group but even if they connect to VPN their membership in
the temp admin group is not recognized. Is there a way to force
synchronize security information such as this after logon if they are
connected to VPN... or for that matter if they are connected to the
network so they don't have to log off and on?
 
Steven L Umbach

Try to have them log on to the VPN before they log on to their computer by
selecting the option to log on via dial-up connection, which they may not see
until they select the options box. When they do that they will be prompted
to select the VPN connectoid to log on with. I am not sure it will work but
it is worth a try. If that works they will be in the local administrators
group until at least they log off and then log on again via the same option,
assuming they are removed from the group by then. --- Steve
 
o_jay83

They are not connecting via a dial-up connection though, they are
connecting using our VPN client software (Secure Access Client).
 
Steven L Umbach

Then I don't believe you can do what you want with VPN users. --- Steve
 
Paul Adare

> They are not connecting via a dial-up connection though, they are
> connecting using our VPN client software (Secure Access Client).

Doesn't matter. The "dial-up connection" bit of that check box is a
holdover from the days before VPN access was available. It doesn't mean that
you can only use a phone and modem connection. If your VPN client
installs a connectoid in the Network Connections folder and if that
connectoid is available to all users on the computer then this should
still work. If it doesn't then you should contact the VPN client vendor
or look at using a different VPN client.
--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea
 
