We are enabling VPN for staff. We had VPN before, and accounts were created directly on the firewall, but we just recently upgraded to W2K8 R2 and during that I removed those accounts and had the techs doing the upgrade create an AD group to make it easier to manage VPN connections. Now if an account is a member of that group they get access to VPN using their AD account. The main thing here is we are going from having no more than 5-6 VPN users and expanding this to 30+, possibly even 100+ in the future.
I have enforced a password policy to ensure staff have a strong password and that it is regularly changed. The laptops they use to access are company laptops which get AV and Windows updates regularly. Requests to our network must come from our firewall and only encrypted traffic is allowed.
But I wonder if there is anything else I can do. For example, is there a way I can ensure that the laptops used to access the VPN are our own ones? Or is that not necessary? Is there anything else I should consider?
I've seen this http://technet.microsoft.com/en-us/library/cc778749(v=ws.10).aspx and also this http://technet.microsoft.com/en-us/library/cc775607(v=ws.10).aspx but not sure how relevant they are to my situation. Also, once it gets into the details of networks, I don't really know enough to follow it.
Thanks,