Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Connect locked-down Client laptop to own network - Domain PC/Workgroup 2

Status
Not open for further replies.

MacRon9

Technical User
Apr 25, 2008
3
DK
First off: This is my first post, so I sincerely apologise if I have posted in the wrong place.

Background:
I have a laptop provided by a Client, which gives me access to their backend systems (Via VPN), and enables me to share data with the client through their network/intranet. These systems/networks can only be reached via a Client-branded laptop, such as the one I have been provided.

I (and my team) develop different projects for the Client, and these are to be shared with the client, through the Client Laptop. I work partly on the Client laptop, and some times on other work stations, while my team do not use the Client laptop.

What I need:
1) Be able to (automatically) backup parts of the Client Laptop HD (5-10 GB) directly to my local network. Preferably every evening when I leave the office.
2) Transfer files from my Network to client Laptop, without going through USB Stick/external HD
3) Not have to drag the bloody bastard of a thing with me every single day (I work from the office and home)

Here's the problem:
1) The Client laptop is really an old P.O.S., which often crashes. I get a "new" from them every 5-6 months, but they are 2-3 years old.
2) There are no other options for sharing data with the client (too specific to explain)
3) The Laptop is very tightly locked down:
a) I cannot get Admin rights, and can't install anything
b) There's an aggressive firewall blocking all ports, except port 80 for IE6 (pls, dont ask)
c) My user cannot see or change any of the Firewall settings.
d) No Hacks: The Client's IT-Department will go balistic if I try to hack it.

What I can do:
1) Backup to an external USB HD/Stick
2) Copy/Delete/move files around
3) Run programs that do not require installation (e.g. FileZilla Portable)
4) Run Scripts (.bat/.vbs and anything that can be initiated from VBA)
5) Physically remove the Laptop HD, but then we're very close to what would upset the Client IT dept.
6) I can ping PC's on my network from the Client Laptop, but not the other way.
7) Use IE6
8) Run Task Scheduler (although with some challenges)

What I've tried:
A) Connect the Laptop to My network
This doesn't really work, as the laptop belongs to a Domain, and we have a workgroup/homegroup setup. I'll admit that I gave up after reading several forum posts, stating that you could not connect a Domain PC to a workgroup, but there may be solutions down this path.

B) Using local FTP
I've tried setting up a local FTP Server, and then trying to connect to it from the Client Laptop, using both IE6, ftp.exe and FileZilla Portable, and the laptop cannot reach the server.

There's possibly a solution down here, as the clients Indian team share files with me, using an internal FTP setup, using port 24 and 10.x.x.x IP Address range. I can only reach this ip address when connected through the VPN, and the Indian team won't tell me their setup, as they don't want to get in trouble with the IT Dept. My network uses 192.168.0.x ip address range.

Other potential solutions:
1) External USB HD connected to two PCs(?)
I doubt it's possible, but if there were such a thing as a dual-connected external USB HD, where two PCs could both connect, then this would solve my problem. I could set up an automatic backup on the client laptop, and then have another PC plugged in to the external HD, connected to the network. I haven't been able to find one, though.

2) NAS with USB connection
Kinda the same as no 1 above, but if it's not possible to connect two laptops through USB, then possibly one through USB and the other(s) through the NAS. I haven't been able to find one, though.

3) Backup through Cloud/Internet
I have a box.net and Amazon S3 account, and can in theory backup to there, but this will require some kind of automation script using IE6, which I do not feel too comfortable with. Further, this is sensitive data, so would prefer an all local solution.

4) FTP over Http & Internet
I could set up a SFTP server, and then reach through it from the laptop using a browser-based SFTP Client (e.g. but I honestly do not know if this is possible/secure. This would also be very bothersome to set up.

5) Infinite USB Memory from Infinitec
I was about to order the IUM from Infinitec, as the promo video made it look like it would work. After reading the review on Engadget, I seriously doubt it would work, as it needs to configure the Firewall to accept connections, which is not possible on the Client laptop.

6) Run the Client Laptop on a virtual PC(?)
I could possibly take out the HD of the Client Laptop, and then copy it to a virtual pc on my server, and then cut out the Client Laptop completely. I don't know if this is possible, as I have no experience working with virtual PCs.

Finally: I may be going at this at a completely round-about way, and not seeing the obvious solution, but I'm loosing my mind here.

PS: Sorry for the long post, just wanted to get all the facts in.
 
I can't think of too many ways around that(which is probably their intention when they locked it down)

One thought is a bootable linux distro on CD or USB, once in Linux you could do whatever the hell you want. I know that wouldn't be a workable solution for when you need to share files back with them(VPN) but when you need to put or get files from that computer to your network or back things up, it would work for that.
 
Thanks for the suggestion! Not exactly what I was hoping for, but almost :)

This would mean I would have to reboot the PC every time I wish to back up and transfer files, but definitely a potential solution, I hadn't thought about, so many, many thanks!

It’s been quite a while since I've used bootable linux distros, but I could possibly set it up so that when linux boots up, it automatically back-ups the laptop HD to the network, and copies any new files from the network to the laptop. Then I could reach the files from home via the cloud, and then not have to carry the darn thing around…

I’ll leave the question open for a while, to see if there are any suggestions for how I can backup / transfer files, without having to reboot.

PS: The client is a major company with +100K employees, so they need strict IT policies. My contract requires me to make daily local backups of any work I do for the client, so a classical clash of business needs and IT governance…
 
The client is a major company with +100K employees, so they need strict IT policies
(climbing upon on my soap box)Please don't get me started on this one. If there is one thing that drives me nuts is that excuse for laziness. We don't want to be bothered setting up a properly tiered system that provides the capabilities to do the job, so we will just treat everyone like they are 2 years old. If we don't prevent you from doing things, we know you won't do your job. You get the picture, I'm sure(getting off soap box).

You may find that this topic, and what you are asking is off limits in a lot of forums as it is in the realm of helping avoid company policies. From your personal perspective, I would recommend caution, assuming you wish to keep the job that you are performing.

My best suggestion would be to try and work from another PC to the extent possible. Without administrative capability on the one provided, there is little that you will be able to do. It sounds like it has been locked down to VPN to a particular LAN and all other interfaces and ports have been turned off. Like it or not, right or wrong, this is their choice and you have agreed to work within their framework when you took the contract.

If you still have access to the BIOS or if it will allow you to choose an alternate boot device, such as a CD Rom or a USB, working with a Linux live CD is probably your best option. Once you have it running in Linux, you could copy data from another PC via the network and then connect it to back it up to the client.

If they are using a standard VPN, like a Cisco client, and you have the login credentials, you may be able to VPN in from another machine. You may also be able to SSH into home via a tool like putty which doesn't "install", but you would need to configure your home server to use port 80 if that is what is available. There are other tools like corkscrew that will establish tunnels via http methods and combine well with ssh. You can also effectively VPN, and proxy over SSH. This would allow you to establish a secure connection to your home to transfer files. Standard Disclaimer: You should check with the IT department to make sure that this would be acceptable first and that it wouldn't violate any of their policies.

Personally, I would suggest that instead of trying to work around it, you "throw it back at them". While it may be frustrating, use the fact that the pile causes trouble, is slow, etc. Keep filing support tickets. Report EVERY problem and make them address it. Bill them for all of the hours spent trying to get the thing to work. Report these facts to your contract supervisor, but do it in a dispassionate, just reporting the fact matter. Show them how it is driving up the costs and let it. Either they will get the point or they won't care.
 
Thanks for your input!

I guess I should have mentioned, that any solution I come up with, will have to be signed off by the Client IT Dept, and while they are great guys and appreciate the situation, there's no flexibility in the governance rules...

So I'm basically allowed to do whatever I can, given the restrictions imposed. It wasn't a problem until new governance rules removed admin rights for all consultants.

Without going into too much detail, the IT governance position is that there's no problem in having me waste an hour every day making backups and transferring files via USB, while the Client's business side of things would rather NOT pay for this... If no solution can be found, then I'll have to continue wasting the Client's money...

90% of work is not done on the laptop, the laptop is rather a means to transfer the work back to the Client, and until admin rights were revoked, a working solution. I have floated the linux solution to the IT dept, and they are ok with it, as long as I don't inspire anyone else to do it, as they are worried of "opening flood gates"...

Back to the problem:
- I can change Boot order, so linux is a solution, albeit not perfect.
- The VPN setup is locked down to their servers, so cannot connect to my own from it.
- I hadn't thought of using Putty and port 80, and am not quite sure how to set it up, but will give it a try.
- Didn't know of corkscrew, so thanks for the suggestion!

PS: I didn't actually sign up to this, and my contract clearly states that it is the responsibility of the Client to provide admin rights, access, etc. So while I could just sit in a corner and say "not my problem", I'd rather see if I can solve the problem :)
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top