Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
I_AM_SHEF2019-09-23 20:17:28
Active Directory
I_AM_SHEF, 2019-09-23 20:17:28

Connecting to a domain without internet?

There is a domain.
There are users with laptops who are traveling and can leave with a laptop within 1-3 days.
How to organize correctly authentication in AD for travellers?
There are 2 options:
1) VPN on the router before authentication. (here the question arises, first you need to turn on the PC, connect to the Internet. And the VPN is turned on already when the PC is started, i.e. how will it start without configured access to the world)
2) Option to save the password cache locally (CashedLogonsCount). Passed authentication (locally), chose VPN, connected to the domain network.
I like option 2, why is it bad? What do you advise ?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
2
20ivs, 2019-09-24
@I_AM_SHEF

1. I don’t see the point in answering the first point, sorry. the second covers everything.
2. the essence of the problem is not at all clear. That's how a lot of people work.
laptops are entered into the domain? if so, it means that you have already logged in and the account is cached, which will give you the right to log in N more times. and you don't even need to do anything else. after login, we connected to the domain network, we are working. while also updating the cache. the only condition is to log in at least once before going to the fields. although this can be solved.

Report
D
Dmitry Shumov, 2019-09-24
@dshumov

I dare to suggest, as an option: Microsoft DirectAccess maybe this is what you need

Report
F
fara_ib, 2019-09-23
@fara_ib

How about the first option? Travelers will carry a vpn router with them? That is, PC --> VPNclient-->VPNserver+AD. With a cache it's somehow easier. And if VPN with authorization through AD? Immediately two hares.

Similar questions
D
davlatos12022-03-23 11:42:33
Do corporate websites not open in the new domain? 2Reply
S
sharton2014-08-22 19:02:42
How can a specific network drive be mapped to a user, depending on which AD site he logged in through? 1Reply
N
na4aaa2020-11-12 05:00:38
Kerberos authentication... Constantly, people on a remote site have to fill in a login password, several times in a row? 1Reply
N
Nauryzbek Aitbaev2019-02-11 15:26:06
How to run as a user with limited access, but giving administrator rights in the Task Scheduler? 3Reply
E
Egor2016-09-19 12:14:33
How to enforce folder security rules through Active Directory in Windows Server 2008 R2? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question