Q: Setting up a VPN connection with Server 2003 and XP. ( No Answer,   1 Comment )
Question  
Subject: Setting up a VPN connection with Server 2003 and XP.
Category: Computers > Operating Systems
Asked by: greensburgtechcom-ga
List Price: $10.00
Posted: 15 Aug 2004 08:01 PDT
Expires: 14 Sep 2004 08:01 PDT
Question ID: 388122
I am looking for answers from someone that has set up VPNs. I have
read every MS How-to on VPNs, read numerous web sites, and read many
books about VPNs, but I had some simple questions on everyday use.

I have correctly set up a PPTP VPN server on a SBS2003 server.  This
server is also DHCP, DNS, and WINS in addition to the other SBS roles.
I have a DLink DI-624 router at both locations with TCP port 1723
forwarded to the SBS2003 server.
Users can connect to the server from the remote site, but I was hoping
to get more assistance & some guidance. Local side is DSL @ 384/384,
remote is T1.

My questions are:

1.) Should I remove DHCP and just use static IP addresses since I only
have two remote XP boxes, the server, two printers, and two local XP
boxes?  We seem to be running into issues where somehow the remote XP
boxes are sometimes being given IP addresses that are in use at the
main location and it kills connectivity for them when they connect via
VPN. (I think it may be DHCP from the remote router, but my tech says
he changed DHCP scope on router to 192.168.0.200 - 192.168.0.225,
remote XP boxes still get a 192.168.0.1xx address.)

1a.) If static addresses - should both sides be on same subnet?
(192.168.0.x) or on separate subnets? (local 192.168.0.x and remote
192.168.1.x)

2.) I have not tested the remote side completely.  I would like the
remote users to log onto the domain on the SBS2003 server.  The two
remote XP boxes are members of the domain.  Do I just need to create
the VPN connection for all users, and then select [x] Log on through
dial up connection on the logon screen?

2a.) Should I use the registry entry to keep the VPN connection up
even after a user logs off?

3.) Should the remote users be able to do everything that users on the
local side can do but just slower? (logon, print to network printers,
use server based apps, remote desktop, etc.)

4.) Any "in the trenches" advice would be appreciated!

Thanks!
Answer  
There is no answer at this time.

Comments  
Subject: Re: Setting up a VPN connection with Server 2003 and XP.
From: jasonbellz-ga on 08 Sep 2004 14:50 PDT
 
Based on the information that you have provided, I am assuming that
you are not looking to bridge the 2 networks over a VPN connection -
simply have each remote XP machine access the Home Office.

1) Personally, I would use DHCP wherever possible with the exception
of routers, DNS and WINS servers.  It just makes for easier management
- even if it is a smaller number of machines.

I can see a potential problem with the configuration if you have the
same subnet at both locations.  On the remote XP machines you have an
IP address assigned to it... let's say 192.168.0.10 (issued by the
remote router or DHCP server).  When that machine opens a PPTP
connection to the server - the PPTP adapter will get an IP address as
well... let's say 192.168.0.20 (issued by the SBS2003 server).  With
this configuration - the remote XP machine has 2 network adapters on
different networks that have the same IP segment.  The remote XP client
will not know which adapter to use for either network and will drop
the connections.

Set the remote site to use 192.168.1.x.  This will allow for the
remote XP Clients to have 2 network adapters with different network
segments.  You will find this to work much easier.

2) To allow for users to authenticate against the domain at logon
time, there will need to be a connection to the Domain Controller.
This should work by using the dial-in option for login (I haven't
personally tried this - but it should work).  Also, it is possible for
users to log in to a machine with a domain account w/o the domain
controller - they would be logging in with cached credentials.  I
would try and avoid the log in with cached credentials approach
because it adds to the complexity and creates problems when a
different user wants to log in remotely and password synchronization
is a nightmare.

2a)  If the user is required to use the login with dial-up, there is
no need to maintain that connection after the user logs out.  Unless
you would like to be able to do remote admin tasks on the computer. 
However, I don't know how that would work with a connection already
being open and a user attempts to logon with dial up connection... may
be a point of conflict.

3) Once the remote XP machine gets an IP on the home network, they
should be able to do everything a normal user on the home network is
able to do.

4) If you have a remote office with any number of machines - to avoid
some of the problems that you are being faced with - I would look into
a remote router that can set up an L2TP connection to the home network.
Essentially you will have the router handling the tunnel between sites
and all clients would automatically be able to access the SBS2003
server without all the dialup logon.  However - cost becomes an issue
when looking at these types of solutions.

-JB
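
The same-subnet problem from the comment above, as an added example that is not part of the original thread: it models the remote XP client's two adapters and asks which one a longest-prefix route lookup picks for the server. The /24 masks, the server address 192.168.0.2 and the function names are assumptions, and only each adapter's connected route is modelled (no interface metrics or default routes).

```python
import ipaddress

# Constructed sample value: the thread never gives the SBS2003 server's LAN address.
SERVER_IP = "192.168.0.2"

def connected_routes(adapters):
    """Map each adapter ("ip/prefix") to the on-link route it adds."""
    return [(ipaddress.ip_interface(cidr).network, name)
            for name, cidr in adapters.items()]

def route_lookup(routes, destination):
    """Adapters whose route is the longest-prefix match for destination."""
    dest = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, name) for net, name in routes if dest in net]
    if not matches:
        return []
    best = max(prefix for prefix, _ in matches)
    return sorted(name for prefix, name in matches if prefix == best)

def check_client(lan_cidr, pptp_cidr, server_ip=SERVER_IP):
    """Report whether the client can unambiguously reach the server."""
    routes = connected_routes({"lan": lan_cidr, "pptp": pptp_cidr})
    candidates = route_lookup(routes, server_ip)
    lan_net = ipaddress.ip_interface(lan_cidr).network
    pptp_net = ipaddress.ip_interface(pptp_cidr).network
    return {
        "overlap": lan_net.overlaps(pptp_net),
        "candidates": candidates,
        "ambiguous": len(candidates) > 1,
    }

if __name__ == "__main__":
    # Addresses from the comment; the /24 masks are an assumption.
    print("same subnet:", check_client("192.168.0.10/24", "192.168.0.20/24"))
    # Remote site renumbered to 192.168.1.x, as the comment recommends.
    print("renumbered: ", check_client("192.168.1.10/24", "192.168.0.20/24"))
```

With both sites on 192.168.0.x the lookup returns both adapters for the server address; after renumbering the remote site to 192.168.1.x only the PPTP adapter matches.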
