Can I fake out my work VPN with a complete disk copy?
December 21, 2013 10:08 AM   Subscribe

If I do a disk copy of my work computer, will the VPN be usable? Nothing nefarious planned; I simply want to be able to VPN in if I'm stuck at home (snow, sickness) without my work laptop.
posted by IAmBroom to Computers & Internet (13 answers total)
If it's Windows, you'll probably have a lot of trouble with a disk copy unless it's identical hardware. Not sure what the situation is on Mac.

Otherwise, I can't see any reason that it wouldn't work.
posted by zixyer at 10:09 AM on December 21, 2013

Bypassing your corp's IT policies is probably a bad idea. Ask them how to VPN from your home computer. If they say not to, then don't.
posted by ryanrs at 10:22 AM on December 21, 2013 [6 favorites]

Best answer: The straight answer:
Try creating a VM with VMware Converter, fire it up in VMware player or such, and see if it works. Converter takes care of several details for turning the windows install into something that will work virtual, though as zixyer notes, a disk copy of a windows box is going to be prone to being uncooperative (it will at once load drivers that may misbehave on different hardware, and may well be missing drivers required for you to boot. And then there may be something your IT department put on there that's just incompatible with virtualization).

The pitfalls:
The VPN in turn will probably check that your OS patching is fairly up to date, and your antivirus definitions aren't stale - and that may be a hassle for you to keep fresh in the long run. Then there are there are the other programs that need to be kept fresh with up to date data.

What you should do:
I'd see if you can just get the VPN software (preferably via licit request to your IT department), install it on a fresh VM, and RDP into your work computer, if that's possible. No piracy required, and way less hassle to deal with.
posted by wotsac at 10:26 AM on December 21, 2013 [1 favorite]

Windows: locate the VPN setting file in one of these two folders:

Stored for User only: %userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
(so, C:\Users\yourusername\Appdata\Roam.... )

Stored for All Users: C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
That file contains your connections.

On OSX, this is stored as a plist file in either:
~/Library/Preferences/ByHost (all users) or

The ?? is your network adapter mac address, so a 12-digit hexidecimal value. (Numerals 0-9, letters a-e).

Transfer this to your new computer (to a temporary location), and then open Internet Connect from the applications folder. File -> Import; select the above file.

If the connection appears the same but fails from home, there might be some other level of authentication going on that your home computer is failing because it wasn't explicitly authorized. I'm not exactly sure what that would be, but your IT guy will know, and at that stage you'd have to ask for permission anyway.
posted by Sunburnt at 10:26 AM on December 21, 2013

What kind of VPN are you talking about? There's more than one way to set one up - you may need to install some software on your home computer.

A whole disk copy probably won't work though. Windows wasn't designed to do this (assuming you are on Windows): at worst it will refuse to boot, at best it will require re-activation when you fire up the new PC. This may or may not get you in trouble with your IT people. On top of that, all sorts of other software uses networked DRM schemes these days to prevent this exact scenario: the cloned install may very well report back to your IT or the software manufacturer.

Like everybody else says, the right way to do this is to ask your IT for help. Aside from pissing them off and/or getting in trouble, you are asking for the unnecessary frustration of trying to guess how they have set things up.
posted by Dr Dracator at 11:11 AM on December 21, 2013 [1 favorite]

I echo with everyone who said: ASK IT.

And if they say no- do not try and override them. In some industries, there are specific protocals, laws and good security reasons not to allow the access to the VPN from an outside network.

In addition, it can be grounds to be fired.
posted by AlexiaSky at 11:26 AM on December 21, 2013

And just to be complete here, unless it's the kind of job where they forbid you to work from any machine not owned and controlled by the company, this should be no problem for IT to set you up. It can be as simple as giving you a URL or file to click on, or as complicated as walking you through the setup over the phone.
posted by rhizome at 11:32 AM on December 21, 2013

This is a bad idea. First, making a full disk copy just to copy some settings over is way overkill.

Second, taking home a full-disk copy of your work machine is the sort of thing that will probably give your IT admins a panic attack if they find out (and is of questionable legality, depending on the licenses of the software you're using).

Third, as others have said: IT will either help you do this or you're not allowed to do this and you shouldn't do it at all.
posted by toomuchpete at 12:16 PM on December 21, 2013

Response by poster: Thanks to the folks who offered actual answers!
posted by IAmBroom at 12:34 PM on December 21, 2013 [1 favorite]

It may take a bit of hassle to get the drivers to work, and provided you keep the machine GUID the same (assuming windows) and the certificate matches the host name it will work.

I answered the question.

Now may I please be allowed to implore you to highly consider not doing this, as you probably signed something at work that states this type of action could result in termination?
posted by Annika Cicada at 2:16 PM on December 21, 2013

Re: keeping GUID the same, that means do not select an option to what was called back in the day to slipstream or shrinkwrap. That means it preserves all the machine information and does not treat the clone as new install of the OS. The idea is that you want to preserve all the information on the machine that is used to identify it on the domain. That also preserves your user directory and attributes.

Now, if you ever have both machines up at the same time connected to the domain you are going to light up a few AD security alerts, be careful.
posted by Annika Cicada at 2:22 PM on December 21, 2013

If it's Windows 7, I can tell you from direct personal experience that after a 100% block-for-block disk clone of a working Windows 7 installation onto a second box of the same make and model with the same hardware options, the cloned copy still needs reactivation.

Windows on a workplace machine will be one of the volume licensed flavours, and these can be set up using either the global default Key Management Server (KMS) setup key or a Multiple Activation Key (MAK) unique to your workplace. Cloning and activating a MAK installation (which you can do from a cmd window using slmgr /ato) will consume one of your workplace's allocated licences. KMS installations automatically perform periodic reactivation, which can only happen when they're connected to a LAN with an available KMS.

Windows 7 will let you run without activation, with some restrictions. Your VPN suite might or might not check for Windows activation.

It's very likely that a cloned Windows installation won't work at all except on a box of the same make and model. Making a Windows installation portable by virtualizing it will deal with the hardware compatibility issue, but all the licensing and activation issues still apply.
posted by flabdablet at 7:54 PM on December 21, 2013 [1 favorite]

If it's OpenVPN, just copy your keys onto another machine. But srsly, why aren't you asking someone at work?
posted by zippy at 1:52 PM on December 22, 2013

« Older Translation from Hawaiian to English of a Hawaiian...   |   Moving 1BR Apt from CT to NC in one week: help? Newer »
This thread is closed to new comments.