The technology available today has allowed companies to branch out more quickly and hire employees they may never even meet. If the company is well established, it will likely have a domain-based network with applications and features this employee will need to access.
As the network admin of this company, asked for the first time to join these employees' PCs to the domain, you may be thinking “Can this be done?”
The answer is yes! Follow the instructions below and it should be smooth sailing.
- Initially, establish a connection to the target computer via a TeamViewer session or a similar application. You will need to make sure that the account logged into the target PC has local admin rights as well.
- From there, install a LogMeIn-style application on the computer. This lets you restart the computer and work on it without having to bug the end user.
- Once LogMeIn is installed, connect to the remote computer via LogMeIn and install a VNC server. It doesn’t matter which flavor (Tight, Real, etc.). Make sure to set a connection password on it.
- Now create a Windows-based VPN connection to the target domain environment.
Make sure you enable this connection for ‘All users’ on the PC. After the setup has finished, go to the Properties of this connection and check ‘Include Windows logon domain’ on the Options tab.
- Establish a VPN connection with domain admin credentials from the PC.
Right-click My Computer, choose Properties, and click Change settings in the middle, in the domain/workgroup section. Click the Network ID button here.
- Fill out the required information, using a domain admin account where necessary.
Once you have gone through the successive screens you should see a ‘Welcome to the domain’ message and a note to restart. HOLD OFF ON THE RESTART.
- At this point, open Computer Management from the Control Panel and add the domain admin and domain user accounts (who will be using the computer) to the local Administrators group. Now you can restart.
- Once the computer has restarted, re-establish a LogMeIn connection to it. When you arrive at the login screen, click the Switch User button. You should now see a little blue icon next to the red Shutdown/Restart button. Click the blue one.
- This launches the VPN connection you set up earlier (remember that you were supposed to set up this connection for everyone on the computer). Enter the domain admin credentials and connect. This is going to kill your LogMeIn session, and this is where VNC comes into play.
- You should have RDP access to a server within the target domain network, specifically the one that RRAS is hosted on. Remote into that server.
- You will now need to install a VNC client on the server. Once that is done, get the target computer's IP address from the RRAS console by right-clicking the computer and going to Status, and then VNC to that IP.
From the VNC client, try to establish a connection to the target (you may need to add an exception to any firewall or antivirus software on the target to allow this connection).
From here, you can pretty much work the way you normally would via VNC.
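The VPN, domain-join and local-admin steps above can also be scripted from an elevated PowerShell prompt on the target PC. The following is an added example, not the author's own script: every name in it (connection name, server, domain, accounts) is a placeholder assumption, the ‘Include Windows logon domain’ option is still set in the GUI as described, and it keeps the article's order of adding the accounts before the restart.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the VPN, domain-join and local-admin steps above.
# Every value below is a placeholder (assumption), not taken from the article.
$VpnName    = 'CorpVPN'             # hypothetical connection name
$VpnServer  = 'vpn.example.com'     # hypothetical RRAS server address
$Domain     = 'corp.example.com'    # hypothetical AD DNS domain name
$NetBios    = 'CORP'                # hypothetical NetBIOS domain name
$AdminUser  = 'da-jsmith'           # hypothetical domain admin account
$EndUser    = 'jdoe'                # hypothetical domain user of this PC
$ErrorActionPreference = 'Stop'

# Create the VPN entry in the all-users phonebook ('All users' in the GUI).
if (-not (Get-VpnConnection -Name $VpnName -AllUserConnection -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $VpnName -ServerAddress $VpnServer -AllUserConnection
}

# Dial the VPN. '*' makes rasdial prompt for the password, so it never
# appears on the command line or in the PowerShell history.
rasdial $VpnName $AdminUser '*' "/DOMAIN:$NetBios"
if ($LASTEXITCODE -ne 0) { throw "rasdial failed with exit code $LASTEXITCODE" }

# Join the domain over the tunnel. No -Restart switch: the restart is held
# back until the local Administrators group has been updated.
$cred = Get-Credential -UserName "$NetBios\$AdminUser" -Message "Domain admin for $Domain"
Add-Computer -DomainName $Domain -Credential $cred

# Add the domain admin and the end user to local Administrators, skipping
# accounts that are already members.
$current = (Get-LocalGroupMember -Group 'Administrators').Name
foreach ($account in "$NetBios\$AdminUser", "$NetBios\$EndUser") {
    if ($current -notcontains $account) {
        Add-LocalGroupMember -Group 'Administrators' -Member $account
    }
}

# Print the resulting membership so it can be reviewed before restarting.
Get-LocalGroupMember -Group 'Administrators' |
    Format-Table Name, ObjectClass, PrincipalSource -AutoSize

Restart-Computer -Confirm
```

The password is prompted for twice (once by rasdial, once by Get-Credential) so that it is never stored in the script.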
This guest article is written by Neil Tischinae. He is an IT Consultant/Systems Engineer with a focus on security.
Thanks sir, you give great knowledge about VPN connection with domain admin
But once they are on the domain remotely, how will they get GPO updates for the computer profiles? From what I understand, the system checks the domain during startup for computer changes, i.e. app installs, and the VPN doesn't connect until after login takes place.
VPN doesn't connect? Can you elaborate more on this William? 🙂
The VPN only connects once you log in. So any GPO updates you push through the server will never reach this device. Whereas if you are directly connected to the network, it checks the network during startup and asks the domain controller for policy changes and applies them on the fly.
One would think Microsoft would have solved this issue by now. One way around it is to set up a site-site VPN.
Thank you so much for giving worthy data on here. And it really rocks 🙂
:)….thank you.
Great info. I like the way it is explained here. Will prove very useful to me.
Thanks.
I guess the procedure is the same for all the operating systems. I love to use it. Never got a chance to do it. Maybe I should try it once. Thanks man 😉 Noted it down.
Satish, you're correct. It is pretty much the same procedure for all OSs.