VPN vs. RWW in SBS 2003 Premium

Looking for advice on how best to handle the following situation: One of
the office computers will be moved to a telecommuter's home, and we need it
to act as if it's still part of the LAN. There's no budget. Do we use VPN
or RWW?

I know that RWW is much better than VPN; but, without a computer to remote
into, how else can the tele-worker be part of the LAN?

--
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a conservation non-profit (501 (c)(3)) organization
Wood River, NE

Mike in Nebraska <> wrote:
> Looking for advice on how best to handle the following situation: One of
> the office computers will be moved to a telecommuter's home,
> and we need it to act as if it's still part of the LAN. There's no
> budget. Do we use VPN or RWW?
>
> I know that RWW is much better than VPN; but, without a computer to
> remote into, how else can the tele-worker be part of the LAN?

VPN, but unless you're going to set up a site-to-site VPN this probably
isn't going to work well at all and you will not be able to manage his
workstation. What are the actual requirements? Why does it need to act as
though it's still part of the LAN (and what does that mean, specifically)?

Ideally I'd say a Terminal Services or Citrix box is in order here. It's not
inexpensive, though, so the alternative would be to get him his own cheap
and cheerful home PC which is *not* part of the domain and let him use RWW
to get to his desktop in the office via RDP.

Well, the worker is (probably) me. The economy is forcing hard times for
our nonprofit so I'll probably have to get a new job, but they can afford to
pay me P/T to manage the network, and do some other minor work. The assets
I'd need to get to are: shared folders on the server, and the SharePoint
sites (MOSS). I figured it's be efficient, time-wise, if I could act as if
I was still on-site rather than RWW'ing into each server/computer to get
what I need. As the one and only IT guy, I could vouch for the security
actions of the user (me), but am still quite concerned about VPN.

Mike

>
> VPN, but unless you're going to set up a site-to-site VPN this probably
> isn't going to work well at all and you will not be able to manage his
> workstation. What are the actual requirements? Why does it need to act as
> though it's still part of the LAN (and what does that mean, specifically)?
>
> Ideally I'd say a Terminal Services or Citrix box is in order here. It's
> not inexpensive, though, so the alternative would be to get him his own
> cheap and cheerful home PC which is *not* part of the domain and let him
> use RWW to get to his desktop in the office via RDP.
>

Mike in Nebraska <> wrote:
> Well, the worker is (probably) me. The economy is forcing hard times
> for our nonprofit so I'll probably have to get a new job, but they
> can afford to pay me P/T to manage the network, and do some other
> minor work. The assets I'd need to get to are: shared folders on the
> server, and the SharePoint sites (MOSS). I figured it's be
> efficient, time-wise, if I could act as if I was still on-site rather
> than RWW'ing into each server/computer to get what I need. As the
> one and only IT guy, I could vouch for the security actions of the
> user (me), but am still quite concerned about VPN.
> Mike

Sorry to hear about this. You can use VPN, sure, but it's not going to be
just as though you were in the office - I generally don't even join
'home-worker' PCs to the domain unless there's a site link set up between
the two networks. All the server admin you can do via RDP to the server. If
they want you to do the work super-efficiently they should leave a PC
available for you to remote into, I'd say.
>
>>
>> VPN, but unless you're going to set up a site-to-site VPN this
>> probably isn't going to work well at all and you will not be able to
>> manage his workstation. What are the actual requirements? Why does
>> it need to act as though it's still part of the LAN (and what does
>> that mean, specifically)? Ideally I'd say a Terminal Services or Citrix
>> box is in order here.
>> It's not inexpensive, though, so the alternative would be to get him
>> his own cheap and cheerful home PC which is *not* part of the domain
>> and let him use RWW to get to his desktop in the office via RDP.

Thanks, Lanwench. I like your idea and will push to have the PC I normally
use set aside for me to remote into. I've had it for about 5 years and I
know it inside-and-out.

"Lanwench [MVP - Exchange]"
< hoo.com> wrote in message
news:%...
> Mike in Nebraska <> wrote:
>> Well, the worker is (probably) me. The economy is forcing hard times
>> for our nonprofit so I'll probably have to get a new job, but they
>> can afford to pay me P/T to manage the network, and do some other
>> minor work. The assets I'd need to get to are: shared folders on the
>> server, and the SharePoint sites (MOSS). I figured it's be
>> efficient, time-wise, if I could act as if I was still on-site rather
>> than RWW'ing into each server/computer to get what I need. As the
>> one and only IT guy, I could vouch for the security actions of the
>> user (me), but am still quite concerned about VPN.
>> Mike
>
> Sorry to hear about this. You can use VPN, sure, but it's not going to be
> just as though you were in the office - I generally don't even join
> 'home-worker' PCs to the domain unless there's a site link set up between
> the two networks. All the server admin you can do via RDP to the server.
> If they want you to do the work super-efficiently they should leave a PC
> available for you to remote into, I'd say.
>>
>>>
>>> VPN, but unless you're going to set up a site-to-site VPN this
>>> probably isn't going to work well at all and you will not be able to
>>> manage his workstation. What are the actual requirements? Why does
>>> it need to act as though it's still part of the LAN (and what does
>>> that mean, specifically)? Ideally I'd say a Terminal Services or Citrix
>>> box is in order here.
>>> It's not inexpensive, though, so the alternative would be to get him
>>> his own cheap and cheerful home PC which is *not* part of the domain
>>> and let him use RWW to get to his desktop in the office via RDP.
>
>
>

Mike in Nebraska <> wrote:
> Thanks, Lanwench. I like your idea and will push to have the PC I
> normally use set aside for me to remote into. I've had it for about
> 5 years and I know it inside-and-out.

You can stick it in the server room with no monitor on it and a big label
that says "DO NOT TOUCH." :-)
>
> "Lanwench [MVP - Exchange]"
> < hoo.com> wrote in
> message news:%...
>> Mike in Nebraska <> wrote:
>>> Well, the worker is (probably) me. The economy is forcing hard
>>> times for our nonprofit so I'll probably have to get a new job, but
>>> they can afford to pay me P/T to manage the network, and do some
>>> other minor work. The assets I'd need to get to are: shared
>>> folders on the server, and the SharePoint sites (MOSS). I figured
>>> it's be efficient, time-wise, if I could act as if I was still
>>> on-site rather than RWW'ing into each server/computer to get what I
>>> need. As the one and only IT guy, I could vouch for the security
>>> actions of the user (me), but am still quite concerned about VPN.
>>> Mike
>>
>> Sorry to hear about this. You can use VPN, sure, but it's not going
>> to be just as though you were in the office - I generally don't even
>> join 'home-worker' PCs to the domain unless there's a site link set
>> up between the two networks. All the server admin you can do via RDP
>> to the server. If they want you to do the work super-efficiently
>> they should leave a PC available for you to remote into, I'd say.
>>>
>>>>
>>>> VPN, but unless you're going to set up a site-to-site VPN this
>>>> probably isn't going to work well at all and you will not be able
>>>> to manage his workstation. What are the actual requirements? Why
>>>> does it need to act as though it's still part of the LAN (and what does
>>>> that mean, specifically)? Ideally I'd say a Terminal Services or
>>>> Citrix box is in order here.
>>>> It's not inexpensive, though, so the alternative would be to get
>>>> him his own cheap and cheerful home PC which is *not* part of the
>>>> domain and let him use RWW to get to his desktop in the office via
>>>> RDP.

Great idea! Thanks again.

"Lanwench [MVP - Exchange]"
< hoo.com> wrote in message
news:...
> Mike in Nebraska <> wrote:
>> Thanks, Lanwench. I like your idea and will push to have the PC I
>> normally use set aside for me to remote into. I've had it for about
>> 5 years and I know it inside-and-out.
>
> You can stick it in the server room with no monitor on it and a big label
> that says "DO NOT TOUCH." :-)
>>
>> "Lanwench [MVP - Exchange]"
>> < hoo.com> wrote in
>> message news:%...
>>> Mike in Nebraska <> wrote:
>>>> Well, the worker is (probably) me. The economy is forcing hard
>>>> times for our nonprofit so I'll probably have to get a new job, but
>>>> they can afford to pay me P/T to manage the network, and do some
>>>> other minor work. The assets I'd need to get to are: shared
>>>> folders on the server, and the SharePoint sites (MOSS). I figured
>>>> it's be efficient, time-wise, if I could act as if I was still
>>>> on-site rather than RWW'ing into each server/computer to get what I
>>>> need. As the one and only IT guy, I could vouch for the security
>>>> actions of the user (me), but am still quite concerned about VPN.
>>>> Mike
>>>
>>> Sorry to hear about this. You can use VPN, sure, but it's not going
>>> to be just as though you were in the office - I generally don't even
>>> join 'home-worker' PCs to the domain unless there's a site link set
>>> up between the two networks. All the server admin you can do via RDP
>>> to the server. If they want you to do the work super-efficiently
>>> they should leave a PC available for you to remote into, I'd say.
>>>>
>>>>>
>>>>> VPN, but unless you're going to set up a site-to-site VPN this
>>>>> probably isn't going to work well at all and you will not be able
>>>>> to manage his workstation. What are the actual requirements? Why
>>>>> does it need to act as though it's still part of the LAN (and what
>>>>> does
>>>>> that mean, specifically)? Ideally I'd say a Terminal Services or
>>>>> Citrix box is in order here.
>>>>> It's not inexpensive, though, so the alternative would be to get
>>>>> him his own cheap and cheerful home PC which is *not* part of the
>>>>> domain and let him use RWW to get to his desktop in the office via
>>>>> RDP.
>
>
>

I work this way in a not too different situation much of the time. I do, in
fact, have a job, with just enough hours to get benefits, but I generally do
more work than fits in those hours, and a lot of it is done from home using
the mechanisms you mention.

Leaving the workstation in the office--it doesn't have to occupy an
office--seems like a great idea. I would recommend that you use VPN, at
least at times. For example, are you running WSUS? If not, how do you
manage patches? In a small office, it may be efficient to just tell the
folks in the office to leave all the machines on on second (and sometimes
4th?) tuesdays, and just RDP in via VPN to all of them at the same time and
make sure the patching gets done--and don't forget the Adobe stuff.

It is actually faster and easier to do repetitive maintenance work on a
collection of machines in an office remotely than it is in
person--especially if you are able to do it during hours when the machines
are not in use.

You may also want to learn something about Wake-on-lan, and set up some
batch files to wake machines--this can be quite useful if there's something
significant that needs to be done, and a machine is turned off and nobody is
in the office. Getting this working in the first place is easiest on
site--some of the settings may be at the bios level, and several reboots are
needed to be sure you have it functional. But if you can get it going it is
very useful.

I use the command-line tools at depicus.com which are simple and reliable.



"Mike in Nebraska" <> wrote in message
news:#...
> Great idea! Thanks again.
>
> "Lanwench [MVP - Exchange]"
> < hoo.com> wrote in
> message news:...
>> Mike in Nebraska <> wrote:
>>> Thanks, Lanwench. I like your idea and will push to have the PC I
>>> normally use set aside for me to remote into. I've had it for about
>>> 5 years and I know it inside-and-out.
>>
>> You can stick it in the server room with no monitor on it and a big label
>> that says "DO NOT TOUCH." :-)
>>>
>>> "Lanwench [MVP - Exchange]"
>>> < hoo.com> wrote in
>>> message news:%...
>>>> Mike in Nebraska <> wrote:
>>>>> Well, the worker is (probably) me. The economy is forcing hard
>>>>> times for our nonprofit so I'll probably have to get a new job, but
>>>>> they can afford to pay me P/T to manage the network, and do some
>>>>> other minor work. The assets I'd need to get to are: shared
>>>>> folders on the server, and the SharePoint sites (MOSS). I figured
>>>>> it's be efficient, time-wise, if I could act as if I was still
>>>>> on-site rather than RWW'ing into each server/computer to get what I
>>>>> need. As the one and only IT guy, I could vouch for the security
>>>>> actions of the user (me), but am still quite concerned about VPN.
>>>>> Mike
>>>>
>>>> Sorry to hear about this. You can use VPN, sure, but it's not going
>>>> to be just as though you were in the office - I generally don't even
>>>> join 'home-worker' PCs to the domain unless there's a site link set
>>>> up between the two networks. All the server admin you can do via RDP
>>>> to the server. If they want you to do the work super-efficiently
>>>> they should leave a PC available for you to remote into, I'd say.
>>>>>
>>>>>>
>>>>>> VPN, but unless you're going to set up a site-to-site VPN this
>>>>>> probably isn't going to work well at all and you will not be able
>>>>>> to manage his workstation. What are the actual requirements? Why
>>>>>> does it need to act as though it's still part of the LAN (and what
>>>>>> does
>>>>>> that mean, specifically)? Ideally I'd say a Terminal Services or
>>>>>> Citrix box is in order here.
>>>>>> It's not inexpensive, though, so the alternative would be to get
>>>>>> him his own cheap and cheerful home PC which is *not* part of the
>>>>>> domain and let him use RWW to get to his desktop in the office via
>>>>>> RDP.
>>
>>
>>
>

Thanks, Bill. Good advice! I DO use WSUS, so that's a big help.

"Bill Sanderson" <> wrote in message
news0C7BC7B-46E5-4DC2-AB95-...
>I work this way in a not too different situation much of the time. I do,
>in fact, have a job, with just enough hours to get benefits, but I
>generally do more work than fits in those hours, and a lot of it is done
>from home using the mechanisms you mention.
>
> Leaving the workstation in the office--it doesn't have to occupy an
> office--seems like a great idea. I would recommend that you use VPN, at
> least at times. For example, are you running WSUS? If not, how do you
> manage patches? In a small office, it may be efficient to just tell the
> folks in the office to leave all the machines on on second (and sometimes
> 4th?) tuesdays, and just RDP in via VPN to all of them at the same time
> and make sure the patching gets done--and don't forget the Adobe stuff.
>
> It is actually faster and easier to do repetitive maintenance work on a
> collection of machines in an office remotely than it is in
> person--especially if you are able to do it during hours when the machines
> are not in use.
>
> You may also want to learn something about Wake-on-lan, and set up some
> batch files to wake machines--this can be quite useful if there's
> something significant that needs to be done, and a machine is turned off
> and nobody is in the office. Getting this working in the first place is
> easiest on site--some of the settings may be at the bios level, and
> several reboots are needed to be sure you have it functional. But if you
> can get it going it is very useful.
>
> I use the command-line tools at depicus.com which are simple and reliable.
>
>
>
> "Mike in Nebraska" <> wrote in message
> news:#...
>> Great idea! Thanks again.
>>
>> "Lanwench [MVP - Exchange]"
>> < hoo.com> wrote in
>> message news:...
>>> Mike in Nebraska <> wrote:
>>>> Thanks, Lanwench. I like your idea and will push to have the PC I
>>>> normally use set aside for me to remote into. I've had it for about
>>>> 5 years and I know it inside-and-out.
>>>
>>> You can stick it in the server room with no monitor on it and a big
>>> label that says "DO NOT TOUCH." :-)
>>>>
>>>> "Lanwench [MVP - Exchange]"
>>>> < hoo.com> wrote in
>>>> message news:%...
>>>>> Mike in Nebraska <> wrote:
>>>>>> Well, the worker is (probably) me. The economy is forcing hard
>>>>>> times for our nonprofit so I'll probably have to get a new job, but
>>>>>> they can afford to pay me P/T to manage the network, and do some
>>>>>> other minor work. The assets I'd need to get to are: shared
>>>>>> folders on the server, and the SharePoint sites (MOSS). I figured
>>>>>> it's be efficient, time-wise, if I could act as if I was still
>>>>>> on-site rather than RWW'ing into each server/computer to get what I
>>>>>> need. As the one and only IT guy, I could vouch for the security
>>>>>> actions of the user (me), but am still quite concerned about VPN.
>>>>>> Mike
>>>>>
>>>>> Sorry to hear about this. You can use VPN, sure, but it's not going
>>>>> to be just as though you were in the office - I generally don't even
>>>>> join 'home-worker' PCs to the domain unless there's a site link set
>>>>> up between the two networks. All the server admin you can do via RDP
>>>>> to the server. If they want you to do the work super-efficiently
>>>>> they should leave a PC available for you to remote into, I'd say.
>>>>>>
>>>>>>>
>>>>>>> VPN, but unless you're going to set up a site-to-site VPN this
>>>>>>> probably isn't going to work well at all and you will not be able
>>>>>>> to manage his workstation. What are the actual requirements? Why
>>>>>>> does it need to act as though it's still part of the LAN (and what
>>>>>>> does
>>>>>>> that mean, specifically)? Ideally I'd say a Terminal Services or
>>>>>>> Citrix box is in order here.
>>>>>>> It's not inexpensive, though, so the alternative would be to get
>>>>>>> him his own cheap and cheerful home PC which is *not* part of the
>>>>>>> domain and let him use RWW to get to his desktop in the office via
>>>>>>> RDP.
>>>
>>>
>>>
>>