Branch offices and staff who travel also need to have access to these organisation information systems. This can be achieved through the use of VPN, a Virtual Private Network connection.

User profiles will need to be configured to allow for a VPN connection to the network. On Windows Server this is performed through the Active Directory, under the Dial-in properties of each user: Remote Access Permissions (Dial-in or VPN), must be allowed. A domain controller within the network must also be configured to handle the VPN request which requires a different protocol than a LAN based connection.

A VPN network connection must also be configured on 

each workstation for users to connect to the network hosting these systems. To configure the connection, the IP address of the authenticating server must be known and users must insert their username and password for authentication and a connection to the network.

This configuration assumes internet access at both ends. A VPN connection can be made over a dial-up connection using a conventional modem, although this is likely to be too slow.

At start up, a VPN connection can be made prior to log on, after which a user can connect to the network as a fully authenticated member of the domain. The advantage of this is that domain level permissions are applied to remote users in the same way as for local users, and access rights for shared resources are as if the user were in the same building.