VPN user unable to browse domain shares
Posted by CiD on December 13th, 2004


Hi!

After installing WINS my VPN seems to work better when connecting
remotely over VPN to my 2003 server. I have a question though, that
I don't quite understand.

At work, my desktop PC is connected to a different domain than the
server at home. So whenever I connect from work to my home server, it
doesn't allow me to browse the active directory. I can use the
start-run \\ << ip address trick, or enter the IP address. As long as
I have permission to view the share, I have access to the files. The
question I have is the following.

Since I am connected to a different domain than the server I am
connecting to via VPN, does that mean that I have to change domain
names on my desktop PC (work) before VPNing to my home server just
so I can view my shares via network neighbourhood? I understand this
is probably because my desktop from work has never been physically
connected to my home server, hence the computer account was never
created. Am I correct in saying that I can just go ahead and create a
computer name on my 2003 server and, having done this, I should be able
to VPN from work and browse the shares?




thanks!

Posted by Todd J Heron on December 13th, 2004


Cid>So whenever I connect from work to my home server, it doesn't allow me
to browse the active directory.

You meant the browse list as displayed in Network Places.

Cid>Since I am connected to a different domain than the server I am
connecting to via VPN, does that mean that I have to change domain
names in my desktop pc ( work ) before vpning to my home server just so I
can view my shares via network neighborhood?

Do you really want to change the domain membership of your machine at work
to accomplish this? Even if you did this, you still need name resolution in
the form of WINS (or an LMhosts file on your work machine) to find the
machines on your home network by name instead of IP.

Cid>I understand this is probably because my desktop from work has never
been physically connected to my home server hence the computer account was
never created.

Incorrect. A computer account in Active Directory has no direct correlation
with the appearance of the browse list as displayed by Network Places.
Obtaining access into each of the computers shown in the browse list and
enumerating its shares does require domain membership (or a trust to the
domain). In this case, having an actual machine account in Active Directory
can in fact be relevant.

Cid>Am I correct by saying that I can just go ahead and create a computer
name on my 2003 server and having done this, I should be able to vpn from
work and browse the shares?

Incorrect. Browsing across subnets requires WINS, or LMhosts files, the
presence of a PDC or PDCE, domain name 1B entry in WINS, and the browser
service active on at least some machines in each subnet in order to build
the browse list. Since browser announcements are LAN broadcasts, which are
blocked by routers, the concept remains the same with VPN, since VPN
end-points perform TCP/IP routing.

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT
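
The LMhosts alternative to WINS mentioned in the reply above, as an added example that is not part of the original thread: a Python helper that writes the name mappings plus the domain 1B record, which must be padded to 15 characters before the `\0x1B` suffix. The domain, host names and addresses are constructed placeholders.

```python
import ipaddress

NAME_LEN = 15  # a NetBIOS name is 15 characters; the 16th byte is the type suffix

def _check(ip, name):
    """Validate the address and NetBIOS name; return the upper-cased name."""
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    if not name or len(name) > NAME_LEN:
        raise ValueError(f"NetBIOS name must be 1-{NAME_LEN} characters: {name!r}")
    return name.upper()  # NetBIOS names are registered in upper case

def host_entry(ip, host, domain=None):
    """Name-to-IP mapping, preloaded into the cache; #DOM tags a domain controller."""
    line = f"{ip}\t{_check(ip, host)}\t#PRE"
    if domain:
        line += f"\t#DOM:{_check(ip, domain)}"
    return line

def domain_master_entry(ip, domain):
    """The <1B> record: the domain name padded to 15 characters, then \\0x1B."""
    padded = _check(ip, domain).ljust(NAME_LEN)
    return f'{ip}\t"{padded}\\0x1B"\t#PRE'

def build_lmhosts(domain, dc, members):
    """dc and each member are (name, ip) pairs; returns the LMhosts file text."""
    dc_name, dc_ip = dc
    lines = [host_entry(dc_ip, dc_name, domain), domain_master_entry(dc_ip, domain)]
    lines += [host_entry(ip, name) for name, ip in members]
    return "\r\n".join(lines) + "\r\n"

if __name__ == "__main__":
    # Constructed sample values for a home network reached over VPN.
    print(build_lmhosts("HOMEDOM", ("HOMESRV", "192.168.10.2"),
                        [("MEDIAPC", "192.168.10.20")]), end="")
```

On the remote client the output belongs in `%SystemRoot%\System32\drivers\etc\lmhosts`, and `nbtstat -R` reloads the `#PRE` entries into the name cache.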



Posted by Todd J Heron on December 13th, 2004


Let me correct myself. I said: a computer account in Active Directory has
no direct correlation with the appearance of the browse list as displayed by
Network Places. Obtaining access into each of the computers shown in the
browse list and enumerating its shares does require domain membership (or a
trust to the domain). In this case, having an actual machine account in
Active Directory can in fact be relevant.

This statement is wrong. A machine's workgroup or domain membership will
affect how the Microsoft Windows Network is displayed in Network Places.
When a machine is part of a workgroup, it will send out an announcement to
the subnet stating it is part of that workgroup and retrieve the list of all
other computers in the workgroup from the subnet browser responsible for
that workgroup name. The same thing occurs when in a domain. This list
will look different depending on what workgroup, or domain, a machine is a
member of. In any event, access into the shared resources of any other
machine in the workgroup or domain will then be governed by rights
(controlled by policy), share and NTFS Permissions. See what happens when
you post past 3:00AM and you live in the eastern time zone? :-)

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT


Posted by Lanwench [MVP - Exchange] on December 13th, 2004


CiD wrote:
Replied in another group. Please don't multipost - if you need to post to
multiple groups, it's best to crosspost instead, by posting a single message
to a handful of relevant groups (separate the NG names with commas) so that
everyone can follow the thread. This makes it easier for everyone, including
you. :-)