My son is at college and his XP PC was on my domain I run at home. Even though he is no longer on my network while at college (obviously), he's had no trouble since he has been logging in with the locally cached profile. However, he let a "buddy" try to fix a networking problem and the "buddy" removed it from the domain, adding to a workgroup. Of course then he couldn't log in with his domain account, though I got him past that by logging in to a local account I had previously created on it. But now he's running into a bunch of errors and problems and I'm thinking the only way to fix most or all of it is to get his PC back on my domain. Jonathan How do I add his PC back to my domain while his PC is 10 hours away at college? Can he VPN into my network and then the necessary communication will take place between his PC and my DC? If so, what do I need to set up on my end to allow that? Obviously opening ports in my firewall is not a good idea. Do I set up RRAS on my DC or what? I've never really set up RRAS before so don't know just how that would need to be configured. And would I need to open any ports in the firewall to allow his PC to VPN into the DC/RRAS server?