One of the things that I liked about it was the ability to authenticate against our production domains. That typically meant that our users could boot and authenticate locally for local operation, and were only forced to connect to the VPN and authenticate against the network domain when they (a) connected to the Internet and then (b) launched the VPN client to connect to our secured network.
So the normal order of events is for the user to boot the machine, authenticating locally (or using the "Authenticate via dial-up networking" option), and then launch the client to establish a connection authenticated against your network. Apparently you want to reverse this order, authenticating a connection to your network before finding out whether this user is allowed to use this machine at all.... Perhaps you are trying to enforce a policy that the machine is not to be used except with an active VPN connection. I don't think that can be done. 1) Have you never seen a boot with the "Some service or device failed to start" dialogue? I know of know way to prevent this, so even if you can load the client as a service, there's no guarantee that it has established a session before the user gets an opportunity to log in. 2) In order for the VPN connection to start up as a service, you'd need to store its password in some kind of service configuration. You'd lose at least one level of assurance that the person at the keyboard was the user the machine had been issued to. [Services cannot normally interact with the screen, because by default they run in a different window group. Having a service prompt the user for a password is going to require some low-level acrobatics that I doubt Cisco's code does.] DG On 10 Nov 2001, at 7:08, [EMAIL PROTECTED] wrote: > Has anyone been successful in running the Cisco Unified VPN > software client as a Service available on Startup on NT4 and/or > W2K? > > We are finding it difficult for it to activate before user login. > > Any tips would be greatly appreciated! > > Thanks! > > Roy. _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
