Educause Security Discussion mailing list archives
Re: VPN policies.
From: "Scholz, Greg" <gscholz () KEENE EDU>
Date: Fri, 20 Apr 2007 17:05:41 -0400
Question/comment considering this started as a policy thread... Do you allow printing to users home printers/computers from the remote access session? My scenario: User's personal home computers and the printers that are connected to those computers. We do use print servers so I am sure that it would not be too difficult to get them to be able to print to their office computers via the term server. The problem lies in getting the appropriate printer driver onto the term server so that the term server can actually do the printing to the printer that is local to the user's home computer. FYI: I am not saying I really want to fix this "problem" as I am not really sure I consider it problem. But we don't do it now both because I do not think it is necessarily a good idea and also because I think it is difficult. _________________________ Thank you, Gregory R. Scholz Director of Telecommunications Information Technology Group Keene State College (603)358-2070 --Lead, follow, or get out of the way. (author unknown) -----Original Message----- From: Joey Rego [mailto:jrego () LYNN EDU] Sent: Friday, April 20, 2007 3:01 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] VPN policies. Hey Gregory, How is your printer infrastructure set up? Do you have a print server(s)? Were the machines that your users are connecting with once on the domain? And how does the user log in to the machine when they are remote? With their cached domain credentials? If so..once the user logs in to the machine and connects via vpn client or ssl client the user just needs to be able they can connect to the print server via UNC. If they can they can print just fine. if you are talking about mapping it for them you will just need to script that connection. If the machines have never been on the domain then they users will just have to authenticate to gain access to the resources. Hope this helps. -----Original Message----- From: Scholz, Greg [mailto:gscholz () KEENE EDU] Sent: Friday, April 20, 2007 2:43 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] VPN policies. We have a fairly new solution along these same lines (we still make them use VPN but run term services over it) and biggest question we have received is "what about printing?" So I ask the list, "what about printing?" I know printing via terminal services is possible but is a bear to manage and thus far I have taken the stance that it is not supported but it is not disables so if the user has a printer with native print drivers that works then good for them. _________________________ Thank you, Gregory R. Scholz Director of Telecommunications Information Technology Group Keene State College (603)358-2070 --Lead, follow, or get out of the way. (author unknown) -----Original Message----- From: Charlie Prothero [mailto:Charlie.Prothero () KEYSTONE EDU] Sent: Friday, April 20, 2007 2:10 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] VPN policies. Keystone College primarily facilitates remote access through terminal servers. We give out the IP address with instructions on how to launch the remote desktop client from XP. Much easier than supporting VPN, and less risk of messed up home computers compromising network shares. Also, no questions as to why the 600 MB PowerPoint won't open over VPN! We do not provide any equipment for home use, nor do we subsidize ISP accounts. Nearly everyone has at least one XP machine at home these days, so the only people who we're not serving well are those who can't get broadband service due to a rural address. - Charlie -----Original Message----- From: Timothy J. fairlie [mailto:fairlie () RIDER EDU] Sent: Friday, April 20, 2007 2:00 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] VPN policies. At the moment, we provide a VPN client to those that need access from home. It isn't fun... Nobody wants to touch an employees home machine anyway, and in some cases they may want/need client software in addition to the VPN client to access a resource they need. We "encourage" these employees to get laptops, as the VPN is the only software we'll provide for a home machine. So even though we've had few problems, when they do come up it's a major hassle. This summer we will be moving to an SSL (web-based) VPN, hopefully that will eliminate the need to provide client software at all. T.. Timothy J. Fairlie Director, Network and Communication Services Rider University fairlie () rider edu Matthew Gracie wrote:
Like most institutions, I'm sure, we're getting more and more requests from people who want access to on-campus resources from off-campus. Our VPN concentrator is more than up to the task, but right now, we're discussing the best set of policies to allow people access to work from home without compromising data. How are people handling this? Are users accessing VPNs with their personally owned machines at your institution? Are you mandating
laptops
for users who work from home? An entirely different computer that stays at the employee's house? Who pays for the Internet connection? What about other hardware (routers, APs, etc.) that they need? Is IT supplying computers for off-campus use, or is it the job of the
department?
Any and all input is appreciated. --Matt
Current thread:
- VPN policies. Matthew Gracie (Apr 20)
- <Possible follow-ups>
- Re: VPN policies. Timothy J. fairlie (Apr 20)
- Re: VPN policies. Charlie Prothero (Apr 20)
- Re: VPN policies. Scholz, Greg (Apr 20)
- Re: VPN policies. Joey Rego (Apr 20)
- Re: VPN policies. Scholz, Greg (Apr 20)
- Re: VPN policies. Yandro Chavez Rubio (Apr 20)
- Re: VPN policies. Joey Rego (Apr 21)
- Re: VPN policies. Philip Webster (Apr 23)
- Re: VPN policies. Nathan W. Labadie (Apr 23)