Problem

You have remote users who rarely, if ever, visit an office, and connect almost exclusively through a VPN. The VPN connection isn’t a significant support headache except when you need network access during Windows logon, for example when creating a local account profile or changing a user’s domain password.

Solution

The following instructions show you how to achieve VPN connectivity during Windows logon using Microsoft’s, Cisco’s and Check Point’s VPN clients. They should work on either Windows 2000 or Windows XP:

Configure the machine’s network identification

            1. Log in using a local account with administrative rights and make a VPN connection to the network.

            2. Open the Network Connections window and click Advanced | Network Identification. From the Computer Name tab, click the Change button.

            3. Enter the appropriate computer name and domain name.

            4. Add any special user or group permissions specific to your organization.

            5. Reboot the PC when prompted to do so.

Use one of the following instruction sets depending on your organization’s VPN solution.

Using the Microsoft Dial-Up Networking/VPN Connection

            6. At the initial Windows XP Logon screen select Logon Using Dial-Up Networking.

            7. When prompted to select a connection method, click the drop-down list and select the corporate VPN connection.

            8. Log on and include the domain name.

Using the Cisco VPN Client

            6. Log in locally to the workstation.

            7. Start the Cisco VPN Client and select Options.

            8. Select Enable start before logon. This allows the Cisco client to connect to the network before Windows logon takes place.

            9. Reboot and wait until the Cisco login prompt appears to establish a VPN connection.

            10. Log on to Windows with the user’s AD domain credentials. Since a VPN connection has already been established, a new domain account/profile will be created for the user.

            11. Open the Cisco VPN Client and deselect Enable start before logon to return to the regular operational state.

Using the Check Point SecureClient

            6. Click the SecureClient icon in the system tray.

            7. Open the Passwords menu and select Enable SSO.

            8. Reopen the Passwords menu and select Enable SDL.

            Note: To avoid logon error messages, disable SDL before you change the client’s domain membership (remove it from a domain or join a different domain).

            9. Select the Passwords menu and select Configure SSO. Enter your domain username and password, as well as your SecureClient username and password.

            10. Close the SecureClient and reboot the machine.

MR.B.