I ran into a situation today where a remote employee needed to join his Vista laptop to the domain and then log in with is domain credentials. In the past on XP this took a good VPN software and effort on the part of both the information worker and the off-site user. With Vista and the great support for fast user switching I was able to help the user and get him logged on to the domain with a less than ideal VPN software.
The VPN software in question does not support host level VPN tunneling, nor does it support creating a tunnel before logging on. It is completly user mode.
The user logged on locally, created a VPN connection to our domain, joined the laptop with Vista on it to the domain and added some domain users and groups into some local groups on his machine. He then rebooted to complete the workstation join to the domain. Upon reboot he logged back in as the local user. Once logged in locally he created that user-mode VPN connection once again.
He then used the "Switch User" command to log on once again, but this time as a domain user. He logged on, his local profile was created and his credentials cached.
He logged off from that Domain user profile, and back into the local one and rebooted once again.
This time, no network was available, no VPN connection available and he was able to access those cached Domain credentials and log into the domain on his laptop.
Join a domain remotely, log on to that domain for the first time without the ability to create a VPN connection from the logon-prompt. This is a great step forward for remote users.