What's interesting is that the Vista client attempts to use NetBIOS connections while the domain member uses CIFS specifically. Let's see what happens if I open NBT transports up from the VPN segment to the internal servers I need...

t

On 1/25/07 10:28 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:

> Maybe they thought interactive credentials were less likely to be domain
> credentials, so it's more secure to blast them than your domain
> credentials.
>
> Heck, makes about as much sense as the rationale they used to hork
> NAT-T.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
>
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>> Sent: Thursday, January 25, 2007 11:51 AM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: OT: Vista VPN Client Credentials
>>
>> Yes, clearly more secure. Connect up to a hotspot connection and have your
>> interactive credentials automatically and silently basted downrange to any
>> service that asks for it :-/
>>
>> t
>>
>> On 1/25/07 9:55 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:
>>
>>> OK, just testing you :)
>>>
>>> Since Vista is more secure, this must be a security issue ;))
>>>
>>> Security is inversely proportional to functionality.
>>>
>>> Thomas W Shinder, M.D.
>>> Site: www.isaserver.org
>>> Blog: http://blogs.isaserver.org/shinder/
>>> Book: http://tinyurl.com/3xqb7
>>> MVP -- Microsoft Firewalls (ISA)
>>>
>>>> -----Original Message-----
>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>>>> Sent: Thursday, January 25, 2007 11:41 AM
>>>> To: isapros@xxxxxxxxxxxxx
>>>> Subject: [isapros] Re: OT: Vista VPN Client Credentials
>>>>
>>>> No less than 1 million times ;)
>>>>
>>>> For years and years I've been logging in from non-domain XP boxes as unique
>>>> local users and VPN'ing in to remote networks with completely different
>>>> usernames/passwords and directly accessing network resources silently as the
>>>> VPN user, not the local interactive user.
>>>>
>>>> I know I could join the domain and/or pair up usernames and passwords, but I
>>>> never do that. I wouldn't have usernames and passwords on a laptop that
>>>> matched usernames and passwords on my domain- that's just silly ;)
>>>>
>>>> t
>>>>
>>>> On 1/25/07 9:42 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:
>>>>
>>>>> Tim,
>>>>>
>>>>> Are you sure it actually ever worked the way you thought it did? That is
>>>>> to say, did it actually work where you log in interactively with
>>>>> one set of local non-domain credentials, and then create a remote access
>>>>> VPN client connection using a second set of credentials and then have
>>>>> the dial-in credentials sent to the remote file servers?
>>>>>
>>>>> I think in order for that scenario to possibly work, you have to dial-in
>>>>> via dial-up networking during interactive logon. Try that with the Vista
>>>>> client.
>>>>>
>>>>> Worst comes to worst, you can mirror your credentials on the non-domain
>>>>> client with the domain account.
>>>>>
>>>>> Tom
>>>>>
>>>>> Thomas W Shinder, M.D.
>>>>> Site: www.isaserver.org
>>>>> Blog: http://blogs.isaserver.org/shinder/
>>>>> Book: http://tinyurl.com/3xqb7
>>>>> MVP -- Microsoft Firewalls (ISA)
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>>>>>> Sent: Thursday, January 25, 2007 11:26 AM
>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>> Subject: [isapros] Re: OT: Vista VPN Client Credentials
>>>>>>
>>>>>> Hi Ara- thanks for checking. Yes, if the system is a domain member, it
>>>>>> works as you describe. The point is that remote systems should not need to
>>>>>> be domain members in order to VPN into a network and have the VPN
>>>>>> credentials used for access to that network's resources.
>>>>>>
>>>>>> A laptop user should not have to move around using cached domain credentials
>>>>>> to log on to their system as a domain member... More importantly, the local
>>>>>> users' interactive credentials should not automatically be sent to a remote
>>>>>> host on a dial-up/VPN connection. That is a security issue in itself...
>>>>>>
>>>>>> t
>>>>>>
>>>>>> On 1/25/07 8:59 AM, "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx> spoketh to all:
>>>>>>
>>>>>>> I did a test myself last night from Vista. It dials in with no problem,
>>>>>>> outlook opens fine, and I can go to \\servername\sharename and no
>>>>>>> problem. One thought, I have the firewall client for vista installed and
>>>>>>> laptop is a domain member which is going back and forward work/home
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>>>>>> On Behalf Of Thor (Hammer of God)
>>>>>>> Sent: Thursday, January 25, 2007 7:08 AM
>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>> Subject: [isapros] Re: OT: Vista VPN Client Credentials
>>>>>>>
>>>>>>> Anyone? Bueller? Anyone?
>>>>>>>
>>>>>>> Is there anyone out there who is VPN'ing into a network on a non-domain
>>>>>>> machine with Vista? Is it time to post to the Focus-MS list???
>>>>>>>
>>>>>>> t
>>>>>>>
>>>>>>> On 1/24/07 12:36 PM, "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx> spoketh
>>>>>>> to all:
>>>>>>>
>>>>>>>> Greetings... I'm hoping this is something stupid that I'm just not seeing, but
>>>>>>>> I'm having an issue automatically authenticating to a remote network under
>>>>>>>> my VPN credential in Vista (x64).
>>>>>>>>
>>>>>>>> With XP, on a non-domain, standalone workgroup box, I can create a standard
>>>>>>>> VPN client and log on to the remote network using my user account on remote
>>>>>>>> network domain. Though I'm logged on interactively as a local user on that
>>>>>>>> XP box, when I go to \\host.domain.com, my VPN credentials are automatically
>>>>>>>> used to access shared resources on the remote network. Same thing with
>>>>>>>> connecting to a remote SQL box (requiring integrated auth). No problems at
>>>>>>>> all with XP, been doing it for years.
>>>>>>>>
>>>>>>>> However, with Vista, the credentials I use to log onto the remote network
>>>>>>>> are NOT being used when I access resources on the remote network. Browsing
>>>>>>>> to the share point results in a logon box being displayed. If I attempt to
>>>>>>>> connect to a SQL box, it says "not a trusted connection" (as it would if my
>>>>>>>> local user is being used.) WTF? I've looked through and set everything
>>>>>>>> that I can, including setting the location as "Work" and "Home." I do NOT
>>>>>>>> want to have to join the box to the remote domain.
>>>>>>>>
>>>>>>>> Anyone know what I'm doing wrong?? Thanks.
>>>>>>>> t