Domain – VPN access to a domain controller

Tags: domain, domain-controller, windows-server-2008

We have a domain controller (Windows Server 2008) which has all of our employees' user accounts with their roaming profiles.

I am in the process of looking into options for remote workers using laptops. The users would share a few laptops between them and take a different laptop with them every time.

Would it be sensible having the laptops linked by 3G through a VPN back to the office server? The users would then get all of their files etc. on the laptop as if they were sat at their desk. However, the connection speeds may cause issues.

Is it possible to link the laptop to the domain via VPN without adding any extra servers or server software?

Best Answer

While you certainly can use a Domain Controller for your VPN, it's generally not advised to do so if you have other options. Configuring the VPN on a DC is no different to doing so on any other Windows server.

Given your requirements, the problem you face is that there is nothing to stop the users logging on to their laptops prior to connecting to the VPN. While it is possible to prevent this, it tends to make the laptops a whole lot less usable.

This problem is the same regardless of whether the VPN is on the router or the server. If you wish to enforce a policy to force the laptop to be connected to the VPN prior to the user logging on (never done it, don't ask me how), the VPN can still remain on the router. It's the authenticating server that matters, not what/which is hosting the VPN, as long as the client machines can talk to the DC when connected.