Configuring Windows 7 for VPN Single Sign On
Let's begin with a computer that has Windows 7 installed and is not yet domain-joined. Begin by logging on using the credentials of a local administrator on the computer:
Figure 1: Step 1 of configuring Windows 7 for VPN Single Sign On
Once you are interactively logged on to the Windows desktop, open the Network and Sharing Center. The next step is to create your VPN connection, and you begin doing this by clicking the Set Up A New Connection Or Network link circled in red below:
Figure 2: Step 2 of configuring Windows 7 for VPN Single Sign On
In the Set Up A Connection Or Network wizard, click the Connect To A Workplace option as shown below. If the user of the computer is going to be using a dial-up modem connection instead of a VPN tunnel over the public Internet, select the fourth option in this wizard page instead and proceed similarly to the steps that follow.
Figure 3: Step 3 of configuring Windows 7 for VPN Single Sign On
In the Connect To A Workplace wizard, click the Use My Internet Connection (VPN) option as shown next:
Figure 4: Step 4 of configuring Windows 7 for VPN Single Sign On
On the next wizard page, specify a FQDN or IP address for the VPN server the user will use to connect to the corporate network, and type a friendly name for this connection as shown below. Also be sure to select the Allow Other People To Use This Connection checkbox as shown below. Selecting that checkbox is important since it makes the System built-in identity the owner of the VPN connection and not the user (Karen) who is configuring the connection on the computer, and that will allow other users of the computer to perform VPN SSO logon. And if the user of the computer will be using his smart card for logging in, be sure to select the Use A Smart Card checkbox as well. Finally, if the computer you are configuring is not currently connected to the Internet, you can select the Don't Connect Now option which will set up the new VPN connection but not initiate it until you manually choose to do so later.
Figure 5: Step 5 of configuring Windows 7 for VPN Single Sign On
On the next wizard page, type the credentials that will be used for logging on to the domain. In this case, Karen Berg is configuring the computer for her own personal use, so she enters her own credentials here.
Figure 6: Step 6 of configuring Windows 7 for VPN Single Sign On
Finish the wizard to set up the new VPN connection. Once this is done, the user can click the Network icon in the notification area of the taskbar, and a popup window will appear showing the newly created VPN connection:
Figure 7: Verifying the VPN connection.
To complete setting up her computer, Karen now joins her computer to the domain. If she is in the office, she can do this by connecting the computer to a LAN drop, clicking Start, and right-clicking Computer to open the System Control Panel item. Then she clicks Change Settings and join her computer to the domain the usual way. If she is on the road sitting in a hotel somewhere, she would first use a LAN drop in a hotel room or a secure wireless hotspot to gain Internet access and then click the Network icon in the notification area, click My VPN Connection in the popup window, click the Connect button, provide her domain credentials when prompted to do so, establish a VPN connection to the corporate network, finish logging on to her desktop, and then join her computer to the domain in the usual way.
Logging On using VPN SSO
Now Karen is on the road and she needs to access shared resources on her company's internal network over a VPN connection. To do this, she turns on her computer and waits until the logon screen appears:
Figure 8: Step 1 of logging on using VPN SSO
Karen then presses Ctrl+Alt+Del and sees the usual logon screen as shown next:
Figure 9: Step 2 of logging on using VPN SSO
Instead of typing her password, Karen clicks the Switch User button, and an additional blue button now appears near the bottom right of her screen. This button is circled in red in the next figure, and if Karen hovers her mouse over this button a tooltip saying "Network Logon" appears:
Figure 10: Step 3 of logging on using VPN SSO
Karen clicks the blue Network Logon button, and this opens a new logon screen called My VPN Connection (this was the friendly name that Karen gave to the VPN connection she created earlier). Karen now types her username and password (if she uses a smartcard then she selects the checkbox instead):
Figure 11: Step 4 of logging on using VPN SSO
After entering her credentials, Karen presses Enter and a dialog box appears indicating that the VPN connection is being established with the remote network:
Figure 12: The VPN connection is being established
Once the VPN connection has been established, the credentials Karen specified will automatically be used to log her on to the desktop of her computer. Once her desktop has appeared, she can browse shared resources on the corporate network over the VPN connection, upload and download files, and perform her work.
No comments:
Post a Comment