VPN vs. RWW in SBS 2003 Premium
|
From: Lanwench [MVP - Exchange] on 11 Dec 2009 17:00 Mike in Nebraska <Mike_in_Nebraska(a)newsgroup.nospam> wrote: > Thanks, Lanwench. I like your idea and will push to have the PC I > normally use set aside for me to remote into. I've had it for about > 5 years and I know it inside-and-out. You can stick it in the server room with no monitor on it and a big label that says "DO NOT TOUCH." :-) > > "Lanwench [MVP - Exchange]" > <lanwench(a)heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in > message news:%23YaRVTqeKHA.1824(a)TK2MSFTNGP04.phx.gbl... >> Mike in Nebraska <Mike_in_Nebraska(a)newsgroup.nospam> wrote: >>> Well, the worker is (probably) me. The economy is forcing hard >>> times for our nonprofit so I'll probably have to get a new job, but >>> they can afford to pay me P/T to manage the network, and do some >>> other minor work. The assets I'd need to get to are: shared >>> folders on the server, and the SharePoint sites (MOSS). I figured >>> it's be efficient, time-wise, if I could act as if I was still >>> on-site rather than RWW'ing into each server/computer to get what I >>> need. As the one and only IT guy, I could vouch for the security >>> actions of the user (me), but am still quite concerned about VPN. >>> Mike >> >> Sorry to hear about this. You can use VPN, sure, but it's not going >> to be just as though you were in the office - I generally don't even >> join 'home-worker' PCs to the domain unless there's a site link set >> up between the two networks. All the server admin you can do via RDP >> to the server. If they want you to do the work super-efficiently >> they should leave a PC available for you to remote into, I'd say. >>> >>>> >>>> VPN, but unless you're going to set up a site-to-site VPN this >>>> probably isn't going to work well at all and you will not be able >>>> to manage his workstation. What are the actual requirements? Why >>>> does it need to act as though it's still part of the LAN (and what does >>>> that mean, specifically)? Ideally I'd say a Terminal Services or >>>> Citrix box is in order here. >>>> It's not inexpensive, though, so the alternative would be to get >>>> him his own cheap and cheerful home PC which is *not* part of the >>>> domain and let him use RWW to get to his desktop in the office via >>>> RDP.
From: Mike in Nebraska on 11 Dec 2009 17:07 Great idea! Thanks again. "Lanwench [MVP - Exchange]" <lanwench(a)heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message news:OIXPi2qeKHA.4880(a)TK2MSFTNGP05.phx.gbl... > Mike in Nebraska <Mike_in_Nebraska(a)newsgroup.nospam> wrote: >> Thanks, Lanwench. I like your idea and will push to have the PC I >> normally use set aside for me to remote into. I've had it for about >> 5 years and I know it inside-and-out. > > You can stick it in the server room with no monitor on it and a big label > that says "DO NOT TOUCH." :-) >> >> "Lanwench [MVP - Exchange]" >> <lanwench(a)heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in >> message news:%23YaRVTqeKHA.1824(a)TK2MSFTNGP04.phx.gbl... >>> Mike in Nebraska <Mike_in_Nebraska(a)newsgroup.nospam> wrote: >>>> Well, the worker is (probably) me. The economy is forcing hard >>>> times for our nonprofit so I'll probably have to get a new job, but >>>> they can afford to pay me P/T to manage the network, and do some >>>> other minor work. The assets I'd need to get to are: shared >>>> folders on the server, and the SharePoint sites (MOSS). I figured >>>> it's be efficient, time-wise, if I could act as if I was still >>>> on-site rather than RWW'ing into each server/computer to get what I >>>> need. As the one and only IT guy, I could vouch for the security >>>> actions of the user (me), but am still quite concerned about VPN. >>>> Mike >>> >>> Sorry to hear about this. You can use VPN, sure, but it's not going >>> to be just as though you were in the office - I generally don't even >>> join 'home-worker' PCs to the domain unless there's a site link set >>> up between the two networks. All the server admin you can do via RDP >>> to the server. If they want you to do the work super-efficiently >>> they should leave a PC available for you to remote into, I'd say. >>>> >>>>> >>>>> VPN, but unless you're going to set up a site-to-site VPN this >>>>> probably isn't going to work well at all and you will not be able >>>>> to manage his workstation. What are the actual requirements? Why >>>>> does it need to act as though it's still part of the LAN (and what >>>>> does >>>>> that mean, specifically)? Ideally I'd say a Terminal Services or >>>>> Citrix box is in order here. >>>>> It's not inexpensive, though, so the alternative would be to get >>>>> him his own cheap and cheerful home PC which is *not* part of the >>>>> domain and let him use RWW to get to his desktop in the office via >>>>> RDP. > > >
From: Bill Sanderson on 11 Dec 2009 19:39 I work this way in a not too different situation much of the time. I do, in fact, have a job, with just enough hours to get benefits, but I generally do more work than fits in those hours, and a lot of it is done from home using the mechanisms you mention. Leaving the workstation in the office--it doesn't have to occupy an office--seems like a great idea. I would recommend that you use VPN, at least at times. For example, are you running WSUS? If not, how do you manage patches? In a small office, it may be efficient to just tell the folks in the office to leave all the machines on on second (and sometimes 4th?) tuesdays, and just RDP in via VPN to all of them at the same time and make sure the patching gets done--and don't forget the Adobe stuff. It is actually faster and easier to do repetitive maintenance work on a collection of machines in an office remotely than it is in person--especially if you are able to do it during hours when the machines are not in use. You may also want to learn something about Wake-on-lan, and set up some batch files to wake machines--this can be quite useful if there's something significant that needs to be done, and a machine is turned off and nobody is in the office. Getting this working in the first place is easiest on site--some of the settings may be at the bios level, and several reboots are needed to be sure you have it functional. But if you can get it going it is very useful. I use the command-line tools at depicus.com which are simple and reliable. "Mike in Nebraska" <Mike_in_Nebraska(a)newsgroup.nospam> wrote in message news:#722X5qeKHA.5608(a)TK2MSFTNGP05.phx.gbl... > Great idea! Thanks again. > > "Lanwench [MVP - Exchange]" > <lanwench(a)heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in > message news:OIXPi2qeKHA.4880(a)TK2MSFTNGP05.phx.gbl... >> Mike in Nebraska <Mike_in_Nebraska(a)newsgroup.nospam> wrote: >>> Thanks, Lanwench. I like your idea and will push to have the PC I >>> normally use set aside for me to remote into. I've had it for about >>> 5 years and I know it inside-and-out. >> >> You can stick it in the server room with no monitor on it and a big label >> that says "DO NOT TOUCH." :-) >>> >>> "Lanwench [MVP - Exchange]" >>> <lanwench(a)heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in >>> message news:%23YaRVTqeKHA.1824(a)TK2MSFTNGP04.phx.gbl... >>>> Mike in Nebraska <Mike_in_Nebraska(a)newsgroup.nospam> wrote: >>>>> Well, the worker is (probably) me. The economy is forcing hard >>>>> times for our nonprofit so I'll probably have to get a new job, but >>>>> they can afford to pay me P/T to manage the network, and do some >>>>> other minor work. The assets I'd need to get to are: shared >>>>> folders on the server, and the SharePoint sites (MOSS). I figured >>>>> it's be efficient, time-wise, if I could act as if I was still >>>>> on-site rather than RWW'ing into each server/computer to get what I >>>>> need. As the one and only IT guy, I could vouch for the security >>>>> actions of the user (me), but am still quite concerned about VPN. >>>>> Mike >>>> >>>> Sorry to hear about this. You can use VPN, sure, but it's not going >>>> to be just as though you were in the office - I generally don't even >>>> join 'home-worker' PCs to the domain unless there's a site link set >>>> up between the two networks. All the server admin you can do via RDP >>>> to the server. If they want you to do the work super-efficiently >>>> they should leave a PC available for you to remote into, I'd say. >>>>> >>>>>> >>>>>> VPN, but unless you're going to set up a site-to-site VPN this >>>>>> probably isn't going to work well at all and you will not be able >>>>>> to manage his workstation. What are the actual requirements? Why >>>>>> does it need to act as though it's still part of the LAN (and what >>>>>> does >>>>>> that mean, specifically)? Ideally I'd say a Terminal Services or >>>>>> Citrix box is in order here. >>>>>> It's not inexpensive, though, so the alternative would be to get >>>>>> him his own cheap and cheerful home PC which is *not* part of the >>>>>> domain and let him use RWW to get to his desktop in the office via >>>>>> RDP. >> >> >> >
From: Mike in Nebraska on 12 Dec 2009 11:59
Thanks, Bill. Good advice! I DO use WSUS, so that's a big help. "Bill Sanderson" <bill_sanderson(a)msn.com.plugh.org> wrote in message news:D0C7BC7B-46E5-4DC2-AB95-F8AF413043FF(a)microsoft.com... >I work this way in a not too different situation much of the time. I do, >in fact, have a job, with just enough hours to get benefits, but I >generally do more work than fits in those hours, and a lot of it is done >from home using the mechanisms you mention. > > Leaving the workstation in the office--it doesn't have to occupy an > office--seems like a great idea. I would recommend that you use VPN, at > least at times. For example, are you running WSUS? If not, how do you > manage patches? In a small office, it may be efficient to just tell the > folks in the office to leave all the machines on on second (and sometimes > 4th?) tuesdays, and just RDP in via VPN to all of them at the same time > and make sure the patching gets done--and don't forget the Adobe stuff. > > It is actually faster and easier to do repetitive maintenance work on a > collection of machines in an office remotely than it is in > person--especially if you are able to do it during hours when the machines > are not in use. > > You may also want to learn something about Wake-on-lan, and set up some > batch files to wake machines--this can be quite useful if there's > something significant that needs to be done, and a machine is turned off > and nobody is in the office. Getting this working in the first place is > easiest on site--some of the settings may be at the bios level, and > several reboots are needed to be sure you have it functional. But if you > can get it going it is very useful. > > I use the command-line tools at depicus.com which are simple and reliable. > > > > "Mike in Nebraska" <Mike_in_Nebraska(a)newsgroup.nospam> wrote in message > news:#722X5qeKHA.5608(a)TK2MSFTNGP05.phx.gbl... >> Great idea! Thanks again. >> >> "Lanwench [MVP - Exchange]" >> <lanwench(a)heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in >> message news:OIXPi2qeKHA.4880(a)TK2MSFTNGP05.phx.gbl... >>> Mike in Nebraska <Mike_in_Nebraska(a)newsgroup.nospam> wrote: >>>> Thanks, Lanwench. I like your idea and will push to have the PC I >>>> normally use set aside for me to remote into. I've had it for about >>>> 5 years and I know it inside-and-out. >>> >>> You can stick it in the server room with no monitor on it and a big >>> label that says "DO NOT TOUCH." :-) >>>> >>>> "Lanwench [MVP - Exchange]" >>>> <lanwench(a)heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in >>>> message news:%23YaRVTqeKHA.1824(a)TK2MSFTNGP04.phx.gbl... >>>>> Mike in Nebraska <Mike_in_Nebraska(a)newsgroup.nospam> wrote: >>>>>> Well, the worker is (probably) me. The economy is forcing hard >>>>>> times for our nonprofit so I'll probably have to get a new job, but >>>>>> they can afford to pay me P/T to manage the network, and do some >>>>>> other minor work. The assets I'd need to get to are: shared >>>>>> folders on the server, and the SharePoint sites (MOSS). I figured >>>>>> it's be efficient, time-wise, if I could act as if I was still >>>>>> on-site rather than RWW'ing into each server/computer to get what I >>>>>> need. As the one and only IT guy, I could vouch for the security >>>>>> actions of the user (me), but am still quite concerned about VPN. >>>>>> Mike >>>>> >>>>> Sorry to hear about this. You can use VPN, sure, but it's not going >>>>> to be just as though you were in the office - I generally don't even >>>>> join 'home-worker' PCs to the domain unless there's a site link set >>>>> up between the two networks. All the server admin you can do via RDP >>>>> to the server. If they want you to do the work super-efficiently >>>>> they should leave a PC available for you to remote into, I'd say. >>>>>> >>>>>>> >>>>>>> VPN, but unless you're going to set up a site-to-site VPN this >>>>>>> probably isn't going to work well at all and you will not be able >>>>>>> to manage his workstation. What are the actual requirements? Why >>>>>>> does it need to act as though it's still part of the LAN (and what >>>>>>> does >>>>>>> that mean, specifically)? Ideally I'd say a Terminal Services or >>>>>>> Citrix box is in order here. >>>>>>> It's not inexpensive, though, so the alternative would be to get >>>>>>> him his own cheap and cheerful home PC which is *not* part of the >>>>>>> domain and let him use RWW to get to his desktop in the office via >>>>>>> RDP. >>> >>> >>> >> |