TR Forums

Here's the scenario: Working for 2 different companies from the same office. One company is where my desk is, the other is 1000 miles away. I access files and email on the remote enterprise network by joining their domain over VPN. I also want to be able to join the local domain to access network drives and email exchange. I want to do both of these things on the same computer. Is this possible?

I really don't know what other details to provide. Any assistance is greatly appreciated.

The first thing is going to be their VPN client policy settings. Most companies that I've come across disable split-tunnelling, meaning that when you bring up the VPN connection all your network traffic goes down the VPN. That's to stop your box becoming a backdoor gateway on to their network behind their firewalls.

I actually do the same thing. It is only possible (in my opinion) by installing a Virtual Machine software. I use either Oracle's VirtualBox or VMware's Workstation. Once you have a VM set up, you can then connect to your other domain via VPN and you will be connected to that domain while your local domain still remains intact on your main system.

You *might* be able to make something work by installing 2 NICs and disabling the VPN driver for the 2nd one on its TCP/IP properties page. IIRC I did something like this a long time ago, but it was on Win2K and the local network was a workgroup (not a domain) so it may not be applicable.

thegleek's VM idea is probably a better approach...

A virtual machine is pretty much the only option if the OP is talking about joining a box to two AD domains. AD can be designed to allow two different domains to pass credentials to each other, but I don't think that's an option here.

I'm going to ++ thegleek, JBI, and flatland_spider here. The VM is the way to go.

It's what I do at home for my work stuff.

Another vote for a VM.

I'm not aware of any way to have a workstation joined to two domains. If the other domain is trusted, you could access resources there, but that may or may not be possible depending on if there's a relationship and need between the companies for this.

The downside (other than performance) of a VM is that you'll need another Windows license unless you're OK with using Linux to access one of the networks...

just brew it! wrote:

The downside (other than performance) of a VM is that you'll need another Windows license unless you're OK with using Linux to access one of the networks...

If he's running Win7 Pro or Enterprise he can install XP Mode and join the VM to the alternate domain.

And if VirtualPC isn't your thing, you can install VMware Player and run your XP Mode VM using that.

Depending on which resources you are after on the two different domains, then yes, most can probably be accessed, say a printer or a file share, or even e-mail, but you will never be able to use it transparently or with single-sign on and similar without either a trust-relationship between the domains, or a third party credential manager that systems from both domains are looking up.

Doing it concurrently though is up to split tunneling and the vpn-part, but allowing split tunneling is as people have already said, usually frowned upon.

Can you have another client machine on the remote domain set up that you could use remote desktop to access it? I don't know enough about VPN or virtual machines to know if it's inherently more secure or not, but I would think you should be able to establish a secured connection from your local machine configured on your local domain and connect to the remote machine configured and connected to that domain. We use the remote web workplace built into SBS2003 for remote connections to desktop clients running at the office. Alternatively you should be able to set up port forwarding or somesuchthing with VPN to access the remote machine directly from the RDP client on your local machine (ie. remotemachineipaddress:3389). I think you might find performance is much better than VPN for larger files, etc. I used to VPN at work and it was painful working on even modestly sized spreadsheets, etc. vs. just remoting into an available machine for the same work. Just a thought!

Thanks for all the great info!

I think I've got him convinced that the easiest thing to do is just use LogMeIn to access local files and email. I installed it today and he's test driving it now. If he decides it won't work for his needs, I'll suggest the VM route.

Thanks again.

frumper15 wrote:

Can you have another client machine on the remote domain set up that you could use remote desktop to access it? I don't know enough about VPN or virtual machines to know if it's inherently more secure or not, but I would think you should be able to establish a secured connection from your local machine configured on your local domain and connect to the remote machine configured and connected to that domain. We use the remote web workplace built into SBS2003 for remote connections to desktop clients running at the office. Alternatively you should be able to set up port forwarding or somesuchthing with VPN to access the remote machine directly from the RDP client on your local machine (ie. remotemachineipaddress:3389). I think you might find performance is much better than VPN for larger files, etc. I used to VPN at work and it was painful working on even modestly sized spreadsheets, etc. vs. just remoting into an available machine for the same work. Just a thought!

I just don't see how that would work AT all.... If you RDP'd into a secure connection via VPN, you essentially are JOINING a domain. So how would that remote computer be able to join a different one then it's already assigned to? Not likely.

JJCDAD wrote:

I think I've got him convinced that the easiest thing to do is just use LogMeIn to access local files and email. I installed it today and he's test driving it now. If he decides it won't work for his needs, I'll suggest the VM route.[

I'm confused. You asked for help. Everyone gave suggestions, and you chose another option that NONE of us suggested. Interesting.