jondercik

Run runs the command every time a user logs in. RunOnce clears the registry key as soon as the command is run. RunOnceEx clears the registry key on completion of the command. Jim

no. Just reinstall not using SP2. What hardware is giving you a problem with sp2? SP2 is a much better version than SP1 or gold xp. Jim

What the heck do you mean? An Active directory upgrade or just a single machine upgrade? There is NO way to transfer user accounts from one machine to another, be it XP or NT.

Why would you want to?

Everyone is bad.

no they have to be the exact same chip.

Couldnt get a successful install of the 64 bit edition on my ASUS-SLI board with an AMD X2 chip. Jim

Look at the high end systems.

Sorry man. The only way I can think of to make sure they only use the company's laptop and no other machine is to use certificates for validation as well. This may not be true cause certificates are not my strong point. One I am unaware of anyway to automatically make the users log in to the domain when the watchguard vpn is established because the Windows logon process takes place at the ctl+alt+del screen. Jim

x64 Edition only thoug 3.6 gb wow.

Alienware.

Depends where the mail server is. If it is on the same network as them, just remove the default gateway from the machine.

Please post here when it is posted on MSDN.

Does MSDN seem slow today?

Sorry man. For the romaing profiles not to be downloaded to the client on a VPN connection enable slow link detection in group policy as described in the following link: http://support.microsoft.com/?id=227260 That will make sure that roaming profiles do not get downloaded. For my response, the DC will not have to be the VPN server for this scenario. The firewall will just have to pass the credentials the user specifies and have them authenticated by the DC using IAS. The firewall will still manage the connections, but the domain controllers will authenticate users. Jim

Yes but it probably annoys the users.

I would have the VPN server not authenticate them, but have it pass the logon credentials to the domain. Jim

"I" would not create local accounts. I would have them authenticate with the domain. Users dont know UNC paths.

Any other questions feel free to ask. I may seem like an a** sometimes but I just try to do things right (And I can be set in my ways). Jim

Yes. If you unchecked that option all traffic not destined for the VPN network would go out the computers normal default route. This is not reccomended though because it is a security vulnerability. If the firewall CAN pass authentication requests to the domain, why not have it do it. It makes things simpler for the user, because it is one less thing they have to remember. For user profiles and such I believe you can select an option in group policy to enable to slow link detection and not download a profile in that condition. I am not aware of any way to prevent them from accidentally printing to a printer their user account has access to when remotely connected. File access will act just the same remote as it does locally. If permissions are set up correctly then they cant get access to material they arent supposed to. Jim

I have a question. Does IPSec encryption have a noticeable impact on transfer speeds on current hardware? Jim

If they are bugging an admin for things, obviously you havent thought out the build for your users well enough. They can do what they need to do if you just spend the time to figure out what they need to do. Jim

Agreed. I dont know how well it would even work given the "All Users" and "Default User" profiles.

Startup script wont do it. It will wait until the script finishes to allow logon. It needs to be a service. Jim

If the drivers for the printer are stored on a print server they dont have to be admins. This is only a problem if everyone has their own printer. Jim