SSTP and remote administration

  • Question

  • Hi,

    If I implement SSTP, could I manage computers even if the user is not logged on? Or do I need DirectAccess for this?

    This is just a question for knowledge, not going to implement anything.

    Regards

    Ole

    Tuesday, March 6, 2012 11:03 AM

Answers

  • Hi Ole,

    Potentially, yes you can. It's not as readily achieved as if the client were on the corporate network, but with careful planning around firewall rules, group policy and/or agent configuration and access between remote and corporate networks, it most definitely is possible.

    At the end of the day, it doesn't matter whether it's SSTP, L2TP/IPSec, PPTP or something else, so long as you can actually route from internal to external and so on, this scenario will be fine.

    Cheers,
    Lain

    Tuesday, March 6, 2012 11:50 AM
  • The best way to give remote users access to your corporate network is based on your organization’s needs, which include existing bandwidth, existing infrastructure, administrative overhead and other criteria which are of relevance to you. As Lain suggested, the available technologies can be combined to give your users the most flexible remote access experience. For example, configure your organization’s computers to use DirectAccess if they are joined to an Active Directory domain, and set up Windows so the users can default to using VPN Reconnect as the primary VPN, but fall back to SSTP and then to PPTP in situations where VPN Reconnect might be blocked by an intervening firewall.

    Here is a nice article, which you might want to refer to:

    http://technet.microsoft.com/en-us/security/ff730324


    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Most downtimes are caused by a SysAdmin's curiosity! - Santosh

    • Marked as answer by OleTechnet Tuesday, March 6, 2012 2:14 PM
    Tuesday, March 6, 2012 12:56 PM
