Purpose
Here are instructions for connecting to Active Directory from
off-campus using a Windows XP or Vista computer. If the computer is a
University-owned laptop or desktop, your Information Technology
Professional (ITP) can configure it for remote access to Active
Directory. If the computer is one that you personally own, follow the
instructions below.
What's Needed
- An active Active Directory account with access to shared folders
If you haven't done so before, you can activate your Active Directory account at https://www.umn.edu/myaccount. File share access is managed by CFOIT and can be requested by sending an e-mail message to cfans.help@umn.edu.
Please consult with your supervisor for information about shares you
will need access to and include that information in your message.
- A remote computer running Windows XP SP3 or Vista SP1
- Administrator-level access to the off-campus computer
- VPN (Virtual Private Network) software
For a detailed explanation of VPN, see http://www1.umn.edu/adcs/help/vpn/
Definitions
- Eligibility for Active Directory file share access
- Departmental share access is available for staff and faculty.
Students can be given access to specific folders or files within the
departmental share as needed at the request of their advisor,
professor, or supervisor.
- A personal share (sometimes referred to as your H, or home,
drive) is available to faculty and staff who have a regular payroll
appointment in CFANS. A regular appointment is defined as a long-term
continuing appointment for faculty, P&A, and civil service or
bargaining unit staff. This share is something only you have access to.
- Internet ID
- Also called the X.500 ID, your Internet ID is a unique eight-character
code used for logging in to University services and also used for your
e-mail address with
@umn.edu.
- Internet ID password
- The password that goes with your University e-mail address.
Procedure
Overview
- Install and enable Microsoft Networking
- Install and run the VPN Software
- Install the network drive patch (Windows Vista only)
- Map a network drive to your computer
Install and enable Microsoft networking
- Go to Start > Control Panel (or Start > Settings > Control Panel)
- Choose Network Connections (or Network and Internet Connections > Network Connection)
- Right click on Local Area Connection and choose properties
Check to see if the Client for Microsoft Networks appears in the box
for “This connection uses the following items." If so, make sure this
box is checked. If this is already set, go to the “Download and install VPN software” section below.
If you don’t have Microsoft Networking installed: - Click Install
- Click Client and click Add.
- Click the client for Microsoft Networks and click OK. This will install the client.
- Make sure the Client for Microsoft Networks box is checked
in the “This connection uses the following items" area of the Local
Area Connection Properties Window and click OK.
Download and install VPN software Each time that you use your off-campus computer to access Active
Directory shares or other University resources that are restricted, you
must start by opening a VPN connection. VPN (Virtual Private Network)
creates an encrypted network connection between your computer and the
University network, securing the data going back and forth between your
computer and the University.
Install network drive patch (Vista only)
The network drive patch for Vista adds a modification to the Windows
registry that is necessary to allow authentication to the Active
Directory.
Before you install this patch, you must have the latest Service
Pack (SP) for Vista installed (as of July 2009, this is SP1). To verify
that your computer is up-to-date, navigate to Start > Control Panel
> Security > Security Center and select "Check for updates." Once
this is complete, install the patch, which you can download by clicking
on the link below.
- Install the Vista SP1 patch by clicking on the link
- Save the .zip folder
- Navigate to the saved folder, open and double-click on the Vista SPIfix file.
- When prompted with the message "Are you sure you want to add the information to the registry?" Click Yes.
- A confirmation message will display indicating that the registry settings were updated. Click OK to close the message.
Map your network drive(s) to your computer
When you have all of the software set up as directed, you will need to
make the connection to your files on the Active Directory server. This
is called mapping a drive, and will connect your computer to the server
using one of the available drive letters on your computer. This
procedure must be done for each computer you use remotely, but once
done, the drive mappings will remain on your computer.
Be sure you have VPN running before performing this step to
ensure a secure connection. To run the VPN software, go to Start >
All Programs > Cisco Systems VPN Client > VPN Client. An icon
that looks like a small yellow lock will be added to your system tray
(the icons at the bottom right of your screen) indicating that VPN is
running. If you are having trouble connecting to VPN, see the link
above for further instructions.
Map your personal share (H-drive):
- Open My Computer or Windows Explorer (Start > Programs > Accessories > Windows Explorer)
- Click on Tools > Map a network drive
- Click on the arrow next to the Drive field and choose the letter H. This is the same letter you will see in My Computer or Windows Explorer. (If H is not available, any available drive letter will do.)
- In the Folder field, enter the path
\\cfans-users.ad.umn.edu\cfans-users$\your Internet ID. - Eg. \\cfans-users.ad.umn.edu\cfans-users$\john0000
- Check the box "Reconnect at logon" if it is not already checked
- Click Finish
- When prompted for a User ID and password, use your Internet ID for the User ID in the format
AD\Internet ID
- Do NOT check the box to remember your password. This
increases security risks and will cause confusion the next time you
change your password.
Map your departmental share(s)
Repeat steps 2-8 from the section above to map your departmental shares.
The information to enter in the folder field will vary depending on
your department. Most departments use the drive letter G mapped to the
following folder path: \\cfans.ad.umn.edu\cfans$. This path will connect to the departmental share that you have been granted access to.
ADM, APEC, BBE and IonE
Mappings for Administration (ADM), Applied Economics (APEC),
Bioproducts and Biosystems Engineering (BBE), and the Institute on the
Environment (IonE) are different because the shares for these
departments have been moved to a different server. The mappings for
these departmental shares are:
| ADM: |
\\cfans-adm.ad.umn.edu\cfans-adm$ |
| APEC: |
\\cfans-apec.ad.umn.edu\cfans-apec$ |
| BBE: |
\\cfans-bbe.ad.umn.edu\cfans-bbe$ |
| IonE: |
\\cfans-ione.ad.umn.edu\cfans-ione$ |
For all mappings, when the connection is successfully made, you will
see the files and folders you have access to through My Computer,
Windows Explorer, or when saving/opening files using the drive letter
you selected above. It may be convenient to create a shortcut for each
drive on your desktop.
Connecting to your mapped drives Once you have Microsoft Networking enabled, VPN installed, the network
drive patch applied (Vista only), and your drives mapped, you should be
able to click on your drives in My Computer or Windows Explorer and
work with the files and folders you have access to. Each time you log
into your computer, the drives will be remapped for you, but you must
open a VPN connection to access them. The process will look like this: - Boot the computer
- Connect to the Internet
- Launch VPN and log in
- Open My Computer or Windows Explorer or click on a shortcut for your remote drive
- Enter
AD\Internet ID and your Internet ID password
- Access your drives
If you experience problems with any of the above instructions, please contact cfans.help@umn.edu. | 
