Solution Architecture

Applies To: Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista

The solution involves a network that uses an Active Directory domain to manage its client computers. Active Directory provides centralized user and computer account management, authentication of users and computers, and Group Policy to automatically apply computer and user settings specified by the network administrator. Active Directory uses servers called domain controllers to provide these services to the client computers on the network.

The following diagram depicts the components involved in provisioning a VPN connection on a client computer.

  1. The administrator (A) configures a Group Policy object (GPO) that deploys a PowerShell script to run at user logon. The GPO is stored on the domain controller (B). To create and configure a GPO, use the Group Policy Management Console (GPMC) Microsoft Management Console (MMC) snap-in. This GPO is configured to run a PowerShell script that creates a VPN connection, as described in the accompanying data file.

  2. The user (D) logs on to the client computer (C).

  3. As part of the logon process, the client computer communicates with the domain controller and identifies both itself and the logged-on user.

  4. The client computer retrieves any GPOs that apply to it or to the logged-on user and applies the settings in the GPOs. In this case, the GPO contains the PowerShell script, which is run on the client computer, and the VPN connection is then created and configured.

Later, when the user takes the portable computer to a remote site, he or she can connect to the corporate network by using the VPN connection created earlier. The next section contains step-by-step instructions about how to create the GPO and configure it to run the script on client computers.
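The following logon script is an added example written for this page; it is not the script from the accompanying data file and does not claim to match it. It shows the shape a practitioner would want for step 4: the script is idempotent (it checks whether the connection already exists before creating it, because a logon script runs at every logon), it creates a per-user connection so it needs no administrative rights, it selects an encrypted tunnel rather than a legacy one, and it writes a small log so a help desk can tell why a connection is missing. The connection name, server name and log path are placeholders. The Add-VpnConnection and Get-VpnConnection cmdlets come from the VpnClient module, which ships with Windows 8 and Windows Server 2012 and later; the Windows 7 and Windows Vista clients listed at the top of this page do not have that module, so the script logs and exits cleanly when the cmdlet is absent rather than failing the logon.

```powershell
# Added example: a GPO user-logon script that provisions a VPN connection.
# Not the solution's own script. All names below are placeholders.

$ConnectionName = 'Corp VPN'            # placeholder connection name
$ServerAddress  = 'vpn.example.com'     # placeholder VPN server FQDN
$LogPath        = Join-Path $env:LOCALAPPDATA 'CorpVpnProvisioning.log'

function Write-Log {
    param([string]$Message)
    # Per-user log in the user's profile; no elevated rights required.
    Add-Content -Path $LogPath -Value ("{0} {1}" -f (Get-Date -Format s), $Message)
}

try {
    # The VpnClient module (Add-VpnConnection) exists only on Windows 8 /
    # Windows Server 2012 and later. Exit quietly on older clients so the
    # logon is not disturbed and the condition is visible in the log.
    if (-not (Get-Command -Name Add-VpnConnection -ErrorAction SilentlyContinue)) {
        Write-Log 'Add-VpnConnection not available on this client; nothing done.'
        exit 0
    }

    # Idempotency: logon scripts run at every logon, so do not recreate
    # (or duplicate) a connection that is already present.
    $existing = Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Log "Connection '$ConnectionName' already exists; skipping."
        exit 0
    }

    # Per-user connection (no -AllUserConnection), so it is created in the
    # logged-on user's context without administrative rights.
    # SSTP over TLS with required encryption; MS-CHAPv2 inside the tunnel.
    # -RememberCredential is deliberately not set: the user is prompted for
    # credentials each time instead of caching them on the portable computer.
    Add-VpnConnection -Name $ConnectionName `
                      -ServerAddress $ServerAddress `
                      -TunnelType Sstp `
                      -EncryptionLevel Required `
                      -AuthenticationMethod MSChapv2 `
                      -Force

    Write-Log "Created connection '$ConnectionName' to $ServerAddress."
}
catch {
    # Record the failure for troubleshooting; never block the user's logon.
    Write-Log "Failed to create '$ConnectionName': $($_.Exception.Message)"
    exit 0
}
```

When this script is assigned through User Configuration > Policies > Windows Settings > Scripts (Logon) in the GPO, it runs in the user's security context at each logon. Because the connection is per-user, it appears only for the account that ran the script, which matches the scenario on this page where the user later dials the connection from a remote site.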

Next topic: Creating the GPO to Deploy the Script