Works like a charm, thanks
----- Chuck wrote: ----
On Mon, 7 Jun 2004 12:31:05 -0700, "James" wrote:
Chuck,
1) A user with a laptop that she wants to connect to a network in a different
domain, and access resources there?
Yes...she has one laptop that she takes back and forth to 2 different locations, each with their own domains, resources etc. For example, when she logs in here she is user vhope on domain DFW01...at the other location, she is vhope on DFW02.
Both domains are on the same WAN, but apparently don't have trust relationships set up.
2) A user who wants to login to desktop computers located in a remote location,
and access resources there?
No.
James
Any corporation with any electronic infrastructure (IOW, any corporation) needs
to have its own security policy. And you will have to try and reconcile my
recommendations with your CSP, and with your domain structure, since I have no
idea what either contains. So here goes.
This is the quick solution, which supports one computer.
Since your network contains the home domain for VHope, you leave the laptop
joined to domain DFW01. Whenever she connects to your network, she can simply
login as "VHope" in a normal domain login.
You (are you domain admin for DFW01?) need to then setup her laptop to permit
local login to users in domain DFW02. When she needs to use her DFW02 account
(and she can do this from your network too), she can do a "local" login as
"DFW02\VHope". This will override the default authentication with her home
domain DFW01, and authenticate her with DFW02.
Of course, authenticating with DFW02 from your network, depending upon the size
of the pipe between DFW01 and DFW02, may be substantially longer than from
within the DFW02 network. But it will allow you to test the concept.
When she connects to the DFW02 network, she will still login "locally" as
"DFW02\VHope". She can then access her DFW02 domain profile and associated
data.
The advantage of this procedure is that she will be able to use her DFW01 and
DFW02 domain profiles (including persistent network connections) and associated
data, on the laptop, as appropriate, from either network.
This is the more formal solution, which supports multiple computers.
You, and a domain administrator for DFW02, need to establish a trust
relationship between the two domains. When that is done, any computer joined to
either domain, such as VHope's laptop, will by default, permit local login to
users in both domains (selected from the pull down domain list in the login
wizard).
VHope would then select whichever domain she wishes to authenticate with, at
her convenience. She could authenticate with either domain, when connected to
either network.
The advantage of this solution is that it is generally more scalable, should
additional employees need to migrate between the two locations. It may be more
preferred by your CSP also.
Whichever solution you decide to use, James, remember that it should conform to
your CSP.
Please let me know your thoughts in this matter so far, and tell me if I need to
include some more detail.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.