Webcast Recap: PDQ & A - August 2020

Black and White PDQ logo
PDQ|Updated May 17, 2021
PDQ Link & A
PDQ Link & A

Since the time of this post, PDQ.com has begun offering a remote connection utility called RAS VPN Setup Wizard. The RAS VPN Setup Wizard is free for all users but is not supported by PDQ.com. RAS VPN Setup Wizard enables remote users to connect to your network and access internal resources anywhere they have connectivity, much like a traditional VPN, but without the typical troubles that come with most hardware and software VPN issues. RAS VPN Setup Wizard uses already existing Microsoft Server Roles RAS (Remote Access Server) and NPS(Network Policy Service) to form a connection between your remote users and your office. It connects your users automatically on their logon. RAS VPN Setup Wizard will help you stay connected to your remote workforce.

PDQ Link is a tool to help facilitate access to LAN resources for your end-users anywhere they have internet access. PDQ Link works with or replaces your existing VPN. In this webcast, Josh walks you through how it works and how it will help keep you connected to your remote machines and workforce.

  • Server Side Installer. Pre-Req check. This requires Server 2012 r2 or later, RAS module available (If it is already set up on this server it will be overwritten), and that it is joined to an AD domain: 1:11

  • Configuration options. AD Group - This can be a default group or one you create, it must be a user group. Users in these groups are the ones allowed to connect to Link. 1:44

  • Client configuration. Connection Name - What does it look like on the client machines. Server hostname - The external name used to connect 3:10

  • Installation. This can take a while. If any errors are thrown you need to correct then re-run the installer. If it partially succeeded there will be warnings you need to ignore/confirm in the pre-req check. 4:05 

  • Summary/Server Complete. Save client installer. 9:42

  • Client Installer. After install, the client will connect automatically. 11:00

  • Creating a silent install deploy package for the PDQ Link Install. (Hint: /qn… and you’re done.) 13:38

  • Creating a collection to track which machines have PDQ Link installed. 14:20 

  • Potential speed bumps. 15:15 

Q & A

  • Question: How is this product different than an always on VPN? Is there a reason to use another VPN in conjunction with PDQ Link? 6:46

  • Question: Does the link "agent" on the workstation work if the remote computer is not logged on with an AD user account? 8:28

  • Question: Is there the option now, or will there be the option in the future, to enable any sort of 2-factor authentication? 10:35

  • Question: 2FA is supported for AD, but what about with Azure and Conditional Access Policies? 17:03

  • Question: How do I configure DHCP if I'm running it from another server? 17:32

  • Question: Do I need to make any changes to my DNS or DHCP setup to use PDQ Link? 18:57

  • Question: Just saw that Microsoft released a critical patch (KB4578013) to fix a flaw in Windows Server 2012 R2 yesterday that's making some news that is specific to RAS. Is it possible that this could interfere with the PDQ Link setup process since it is based on RAS? 19:57

  • Question: Are there any plans to make the client load in a minimized state and have the ability to lock it down so users cannot disconnect? 21:04

  • Question: Is there a way to auto-reconnect and remove the user's ability to disconnect the VPN? 21:53

  • Question: I work at a school. If we put this on student computers that are at home, is there a way to block access to everything else on the network, but allow us to patch their computers from PDQ Deploy? 22:54

  • Question: How many clients can be connected at once? 24:39

  • Question: How will this work if I have an existing VPN? 27:37

  • Question: What do I have to do if I already use a VPN and just want my clients to be up to date (even without signing in with the other VPN client)? 27:58

  • Question: Will it be possible to use a different port than 443? (security and if port is already used) 29:38

  • Question: A question about that 443 port forward rule - how about reverse-proxy? That should work, right? 30:09

  • Question: Is it possible to apply Link to machine accounts so we can get pre-login patch capabilities? 30:37 

  • Question: How about Mom & Dad companies with 5-10 people without a server, but a workstation used as a "server"? 31:09

  • Question: What about HA configuration for this product? What about load balancing? 31:30

  • Question: Can we control what resources (IP addresses and ports) that a remote computer has access to in the local network? 32:01

  • Question: Can we set it up so it can only manage devices/use PDQ Deploy and Inventory with remote devices? 32:36

  • Question: Does PDQ Link use IPv6 or IPv4? Will there be something in the future to allow PDQ Deploy and Inventory to go though a Direct Access Connection? 33:27

  • Question: Can you set a DNS suffix so that it won't connect while on a domain network? 34:17

  • Question: Will Link be free forever, or just in 2020? 34:35

  • Question: I was piloting an always on device tunnel with MS built-in VPN. It works, but I have issues with DNS staying updated. Does PDQ Link have issues keeping DNS up to date? With the DNS issues I saw with MS always on VPN, it made it somewhat cumbersome to push patches with PDQ and WSUS. 34:56

  • Question: I'm trying to install Link on my Inventory/Deploy server. Getting error messages at the configure RAS portion. It's barking about the PFX having an incorrect password or membership to AD principal is protected. I tried using our GoDaddy signed wildcard cert and self-signed cert from Link, both failed. 36:01

  • Question: Will a route need to be established to push WSUS patches through Link? 36:46

  • Question: Can Link live in the cloud? 37:19

  • Question: What's the setup if we have two AD forests? Would we set up PDQ Link on each forest? 37:37

  • Question: If you already have an RRAS server or an NPS server on your network, do you need to worry about that as long as you set up the PDQ Link server on a new, separate server? 38:19

  • Question: How would you handle workgroup laptops with PDQ Link? 38:43

  • Question: Is there any session / access logging with PDQ Link? 39:28

  • Question: Can PDQ Link run on the same server as PDQ Inventory and Deploy? 39:55

  • Question: Do the DHCP addresses need to be routable when you set up an IP address range? 40:09

  • Question:  We have multiple Offices that have hardware VPN links. Can we have multiple Link servers set up in different offices which use the same groups? We find the traffic works out better when they connect to their local office. 40:30

  • Question: Will each client have their own unique cert, or will they be using the same wildcard/self-signed cert? 41:54

  • Question: How does the client handle certificate renewals? Does it do a full cert chain check, so if we're using a public cert, it's all good to go? If you're using self-signed, do you need to deploy a new client package when updating? 42:51

  • Question: We already have a standalone server running PDQ Deploy and PDQ Inventory. Is it recommended or advised to run PDQ Link on the same server? 43:31

  • Question: If someone chose to install this on their PDQ Inventory/Deploy server for 200 computers, how much additional resources should be allocated to the server for Link? 44:08

  • Question: Have you guys tested this in conjunction with Network Policy Server extension for Azure to allow MFA? 44:38

  • Question: May want to point out, if you create a new install, you want to use the existing cert otherwise your clients will fail the connection in NPS when their certs are the old cert. Prevent gnashing of teeth. 44:51

  • Question: Any configuration options for the client, such as disabling tray icon/disallowing the disconnect option/setting retry interval/etc? 45:19

  • Question: Does the VPN connection show up in the Windows VPN settings? What happens if the user tries to connect from there instead of the PDQ Link GUI? 45:40

  • Question: When I installed it last night, it killed wscsvc and I can't get it back. This ultimately caused my AV software to not start. Anyone else have this issue? I'm on Server 2019 DataCenter. 46:04

  • Question: How do you specify which VLAN for DHCP to hand out? 46:35

  • Question: Can we install the server part of PDQ Link on Windows Server Core, i.e. - no GUI?47:04

  • Question: What are your favorite things about Link (that it's just a starting point? That you don't need to make changes to DNS/DHCP? etc?)? 47:22

  • Question: What is the essence of the difference between PDQ Link and simply setting up NPS and Remote Access manually and using the built-in Windows VPN client? 48:01

  • Question: If we have a VPN handling DHCP with 24 hour leases, will that mess up Link at all? DNS on each machine is still checking back to the same DNS/DHCP server, but the actual lease per machine is being brokered from the VPN appliance. 48:34

  • Question: Sorry, I missed much of this. Could this be used to update AD user passwords on devices that were taken home? 49:41

  • Question: Firewall considerations? Other than port 443 forwarding, is there anything we need to open up in our NG Firewall (we use Untangle)? 50:09

  • Question: Is there any issue with running Link on a virtual server? Clustered or non-clustered? 50:44

  • Question: We use a SonicWALL firewall to handle DHCP. Will Link be able to pass DHCP to the firewall or does it only work with MS server DHCP? 51:01

  • Question: If I don't have any experience with DMZ stuff, how dangerous is it for me to try to set this up on my own? Do I need to get a network guru to configure that beforehand? 51:24

  • Question: Can the client be run from anything other than Windows (Mac, iPad, Android, etc.)? 52:16

  • Question: For DHCP, sounds like we want to forward requests to the server from the firewall on a separate NIC that's on the VLAN you want the computers to use that connect via Link, so VPN computers don't get an IP in a server VLAN? 52:29

  • Question: Is it possible to configure the client only, if I already have an RRAS VPN setup? 52:57

  • Question: Is there a future plan for PDQ Deploy and Inventory to be web-based? I would like to be able to use it on my MacBook. 53:28

  • Question: When we install PDQ Link, we can only see computers on, but not 192.168.1-3.0/22. What are we missing or where can we configure this routing? 53:44

Recap Complete

Thanks for checking in and catching up. As always, make sure you tune in live every Thursday at 10 am MST.

See you soon!

Black and White PDQ logo

PDQ is the best way to have healthy, up-to-date machines automatically. Streamline your patch management and software deployment processes — whether you manage 15 machines or 15,000.

Related articles