I'd go with the TS/RD Gateway option. It is very very easy to configure and "just works" imo. TS/RD Gateway can be configured to allow members of security groups to only be able to rdp to certain machines etc.
We don't allow any VPN access as it just isn't necessary. From: David Lum [mailto:david....@nwea.org] Sent: Thursday, 11 November 2010 7:17 AM To: NT System Admin Issues Subject: Terminal Server or VPN? In a few weeks (Dec 17th) we'll be having a massive "work from home" day (200-ish users, because we're moving our office to a different city) and we have the option of standing up some Terminal Servers or just running with VPN. Most users are expected to just want MS Office apps and Internet Explorer. Several (a couple dozen) will also want RDP access to their desktops. We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up more 2008 TS servers. I have no experience setting up TS farms or getting them available for ability to his via Internet, although both of these appear to be pretty straightforward. I am also under the impression that TS via Internet uses less bandwidth than a straight-up VPN connection. VPN is already established but we'll certainly have many users using their home PC that don't currently have VPN configured and would much rather have them connect via Terminal Server than install, configure and then connect an unknown system - from a security/patched/AV standpoint - to VPN. I think it's kind of six of one half dozen of another as far as overall effort, but I REALLY don't want unmanaged home PC's connecting via VPN... David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
