
Win2k Domain membership / login problem

Pluto

OK, here's an interesting problem for you WinNT/2k experts out there....

I have a user with a laptop PC that was configured to be a member of a domain, let's say MYDOMAIN.

His domain username was not set up when he was sent the PC, and so he is currently logging in as the local administrator account. Now that his user account is ready he needs to log in to the domain so he can access the MS Exchange email system as well as other shared network resources. Problem is, he works from his home and is very far away from our office (and network).

He can access our network by connecting into his local ISP and then launching the VPN client software.

Problem is, he cannot log in with his user account on MYDOMAIN at the Windows 2000 logon screen because the domain is not available before he logs in (the VPN connection is not opened).

Is there any way around this?


Thanks.
 
I'm 99% sure that there isn't a way to get him logged on using his domain account unless he has logged on at least once successfully on the network in your office. If he had been connected on your local network, he would be able to use cached credentials to log onto his machine. He'd see an error about "No domain controller available...".

Even if he isn't logged onto the domain, he could still access resources on the domain by using the "net use" command to connect or through Windows Explorer.

For example:

net use x: \\server\resource /U:mydomain\myusername *

will create a connection to a resource using the account "myusername" in the domain "mydomain". The "*" will prompt the user to enter their domain password. Or you could map a drive in Windows Explorer and fill in the "Connect as" field (NT) or "Connect using a different username" (W2K).

As far as e-mail goes, he could go to Tools\Services in Outlook, highlight "Microsoft Exchange Server" in the list, and click "Properties". Go to "Dial-up Networking", and select his VPN connection in the pull-down box. Then select either "Display connection dialogs at logon" or "Use the following settings at logon" and enter his domain info.

Hope that helps some.
 
No. There is a way. You need to create a VPN connection on the laptop. Now, depending on what type of ISP connection he has, if it's dial-up you will have to configure another DUN connection that will connect before the VPN connection is made. This option is presented in the wizard when you are creating the VPN DUN connection. Or, you do not select this option if your user has a broadband connection at home.

When the user is at home, he will be prompted at GINA (the Ctrl-Alt-Del screen). Have him do the keystrokes. Then he will have to click on the Advanced button. There he can select to use a Dial-Up connection. Specify the VPN connection and that will be established. He then can log into your network.

Let me know if you have any further questions.
 
Yes, Shadow is right. For example, I use a VPN connection to connect to the domain. Since the connection to the internet is through the LAN, the VPN is started as a service before the GINA, so you can find the DC directly as if it's local. If you use a dial-up, you will need to do what Shadow said 🙂
 
Shadow07 (Question): Don't you have to create another user account for the user on his local machine (or create a roaming profile on the server), set up the VPN DUN, then have that account join the domain? I don't know the correct sequence but I was trying to nail it down in my head. Do you have any idea? Thanks.
 
No you do not. Windows 2000 will use the local SYSTEM account to run the VPN connection and/or the DUN connection. The connection will be made first, then the user will be able to log into the domain.

If you have any problems, let me know.
 
Shadow/Chris,

I thought of doing what you said. Unfortunately we are using a 3rd party VPN client to connect (Nortel Extranet Client Access) to the VPN host. It does not register an entry under Network and Dial Up Connections, so there is no way to select it from the drop-down that appears after you choose "Log on using dial up networking". I tried to use the Network connection wizard to set up a connection to our VPN host using Win2k's built-in VPN protocols but it wouldn't accept the connection. (Damn proprietary systems)

If using "Log on using dial up networking", he can choose the dial-up ISP (not necessary in this case since he has DSL) but there is no way to launch the extranet access client before being logged in. That brings up another good point: if a user's DSL connection required them to launch an Access Manager program (which many DSL providers do, at least in this area), that would pose an additional challenge (connect to DSL, connect to VPN host), neither of which could be done at the login screen.

I gave up today and configured everything for him as local admin, and I'll get him logging in properly next time he's in the office on our network, but I'd still like to hear a solution if anyone has one.
 
Not dealing with Proprietary applications. I would contact Nortel and ask them what to do. Without their help, I see no other way. If the connection is not listed in DUN, then you have a major issue. Contact Nortel, and then post back what they say.
 
Pluto: I am using a third party VPN too and it's not listed under the DUN. I configured it so the vpn starts the dial up. Since the vpn is started as a service before the CTRL-ALT-DEL login screen, the connection to internet is made and the login to the DC can be made.
 