[isapros] Re: OT: Vista VPN Client Credentials

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 25 Jan 2007 11:55:10 -0600

OK, just testing you :)

Since Vista is more secure, this must be a security issue ;))

Security is inversely proportional to functionality.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor 
> (Hammer of God)
> Sent: Thursday, January 25, 2007 11:41 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: OT: Vista VPN Client Credentials
> 
> No less than 1 million times ;)
> 
> For years and years I've been logging in from non-domain XP 
> boxes as unique
> local users and VPN'ing in to remote networks with completely 
> different
> usernames/passwords and directly accessing network resources 
> silently as the
> VPN user, not the local interactive user.
> 
> I know I could join the domain and/or pair up usernames and 
> passwords, but I
> never do that.  I wouldn't have usernames and passwords on a 
> laptop that
> matched usernames and passwords on my domain- that's just silly ;)
> 
> t
> 
> 
> On 1/25/07 9:42 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> 
> spoketh to
> all:
> 
> > Tim,
> > 
> > Are you sure it actually ever worked the way you thought it 
> did? That is
> > to say, did it actually work where you log in 
> interactively with
> > one set of local non-domain credentials, and then create a 
> remote access
> > VPN client connection using a second set of credentials and 
> then have
> > the dial-in credentials sent to the remote file servers?
> > 
> > I think in order for that scenario to possibly work, you 
> have to dial-in
> > via dial-up networking during interactive logon. Try that 
> with the Vista
> > client.
> > 
> > Worst comes to worst, you can mirror your credentials on 
> the non-domain
> > client with the domain account.
> > 
> > Tom
> > 
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- Microsoft Firewalls (ISA)
> > 
> >  
> > 
> >> -----Original Message-----
> >> From: isapros-bounce@xxxxxxxxxxxxx
> >> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
> >> (Hammer of God)
> >> Sent: Thursday, January 25, 2007 11:26 AM
> >> To: isapros@xxxxxxxxxxxxx
> >> Subject: [isapros] Re: OT: Vista VPN Client Credentials
> >> 
> >> Hi Ara- thanks for checking.  Yes, if the system is a domain
> >> member, it
> >> works as you describe.  The point is that remote systems
> >> should not need to
> >> be domain members in order to VPN into a network and have the VPN
> >> credentials used for access to that network's resources.
> >> 
> >> A laptop user should not have to move around using cached
> >> domain credentials
> >> to log on to their system as a domain member... More
> >> importantly, the local
> >> users' interactive credentials should not automatically be
> >> sent to a remote
> >> host on a dial-up/VPN connection.  That is a security issue
> >> in itself...
> >> 
> >> t
> >> 
> >> 
> >> On 1/25/07 8:59 AM, "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx>
> >> spoketh to all:
> >> 
> >>> I did a test myself last night from Vista. It dials in with
> >> no problem,
> >>> outlook opens fine, and I can go to \\servername\sharename and no
> >>> problem. One thought, I have the firewall client for vista
> >> installed and
> >>> laptop is a domain member which is going back and forward 
> work/home
> >>> 
> >>> -----Original Message-----
> >>> From: isapros-bounce@xxxxxxxxxxxxx
> >> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >>> On Behalf Of Thor (Hammer of God)
> >>> Sent: Thursday, January 25, 2007 7:08 AM
> >>> To: isapros@xxxxxxxxxxxxx
> >>> Subject: [isapros] Re: OT: Vista VPN Client Credentials
> >>> 
> >>> Anyone?  Bueller?  Anyone?
> >>> 
> >>> Is there anyone out there who is VPN'ing into a network on
> >> a non-domain
> >>> machine with Vista?  Is it time to post to the Focus-MS list???
> >>> 
> >>> t
> >>> 
> >>> 
> >>> On 1/24/07 12:36 PM, "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> >>> spoketh
> >>> to all:
> >>> 
> >>>> Greetings... I'm hoping this is something stupid that I'm just not
> >>> seeing, but
> >>>> I'm having an issue automatically authenticating to a
> >> remote network
> >>> under
> >>>> my VPN credential in Vista (x64).
> >>>> 
> >>>> With XP, on a non-domain, standalone workgroup box, I 
> can create a
> >>> standard
> >>>> VPN client and log on to the remote network using my user
> >> account on
> >>> remote
> >>>> network domain.  Though I'm logged on interactively as a
> >> local user on
> >>> that
> >>>> XP box, when I go to \\host.domain.com, my VPN credentials are
> >>> automatically
> >>>> used to access shared resources on the remote network.  
> Same thing
> >>> with
> >>>> connecting to a remote SQL box (requiring integrated auth).  No
> >>> problems at
> >>>> all with XP, been doing it for years.
> >>>> 
> >>>> However, with Vista, the credentials I use to log onto the remote
> >>> network
> >>>> are NOT being used when I access resources on the remote network.
> >>> Browsing
> >>>> to the share point results in a logon box being displayed.  If I
> >>> attempt to
> >>>> connect to a SQL box, it says "not a trusted connection"
> >> (as it would
> >>> if my
> >>>> local user is being used.)  WTF?  I've looked through and set
> >>> everything
> >>>> that I can, including setting the location as "Work" and
> >> "Home."  I do
> >>> NOT
> >>>> want to have to join the box to the remote domain.
> >>>> 
> >>>> Anyone know what I'm doing wrong??  Thanks.
> >>>> t
