From the user's perspective, the VPN connection is a point-to-point connection between the user's computer and an organization server.
I recommend laptop users to set permissions properly to secure files in shared folders on their laptops. They can set up permissions on every shared folder using "Sharing and Security" tab from the folder's Properties.
The particular policy settings available under Security Options are determined by the security template file, that was imported into the Group Policy object (GPO). These security templates are .inf files stored in your computer's %windir%securitytemplates folder, and by default Windows Server 2003 includes a number of standard templates. For example, the securedc.inf template can be used to harden the security settings on your Windows Server 2003 domain controller, while hisecdc.inf can be used to harden these settings to an even greater degree.
Windows Server 2003 offers two MMC snap-ins dedicated to security templates: The Security Templates snap-in and the Security Configuration and Analysis snap-in. The Security Templates snap-in is used for creating security templates; and the Security Configuration and Analysis snap-in is used to see what's in a template.
Windows Server 2003 doesn't come with a preconfigured console for the snap-ins, so you must open the MMC and add them yourself. I recommend to add both snap-ins to the same console because they're so closely related.
The Security Templates snap-in starts with a list of the templates that are included with Windows Server 2003:
Compatws. Designed to lower specific file system and Registry permissions to enable some older Windows applications to run properly.
DC security. Designed to be applied to domain controllers, it provides a higher level of security.
Hisecdc. An even more secure configuration for domain controllers, it requires network encryption from clients.
Hisecws. A highly secure configuration that enables IPSec encryption with secure servers. This template can be applied to workstations and member servers in a domain.
Securedc. A slightly less-secure template than Hisecdc, intended for use on domain controllers.
Securews. A slightly less-secure template than Hisecws, intended for use on workstations and member servers.
Each template configures settings in seven areas: Account Policies, Local Policies, Event Log, Restricted Groups, System Services, Registry and File System. Good practice is to take a standard template, make a backup copy and change it for specific needs.
I recommend using Internet Protocol version 6 to secure communications from Human Resources server to the Payroll server. Windows Server 2003 supports secure Internet Protocol version 6, the "next generation" of the Internet Protocol. IPv6 provides for more than just an increase in the number of available addresses. It is also designed to provide for better performance and, even more important in today's business