I realise this question is very old but thought I'd add a method for anyone that stumbles across it.
@echo off
:: Connecting to VPN...
rasdial "VPN Name" user pass
echo Running RDP...
"Connect to Server.rdp"
echo Finished - disconnecting from VPN...
rasdial "VPN Name" /disconnect
Rasdial is builtin to Windows and is used to connect and disconnect. Replace "VPN Name" with whatever you called your VPN connection when you set it up. Replace 'user' and 'pass' in the first line with the actual username and password to connect to the VPN (even if you chose to have the credentials saved when you created the VPN, Rasdial requires you enter them).
Because batch scripts run synchronously rasdial will complete connecting to the VPN before opening the RDP file, and the whole time the RDP session is open the batch script will be waiting. As soon as the RDP session is closed the final command will run to disconnect the VPN. Simple!
I tend to put a shortcut to the batch script on the desktop and change its icon to the normal RDP one (from C:\Windows\System32\mstsc.exe). You can choose to start the script minimised if you don't want the user seeing the cmd window, but I like to leave it visible so they can see if there are any errors when connecting to the VPN.
Are you in control of the VPN? – James Mertz – 2012-03-27T15:45:52.620
No but can request some changes if necessary. Why? – Josh Newman – 2012-03-27T15:47:25.357
Depending on how the VPN is setup traffic may not be routed through the tunnel unless it's for specific resources within that virtual network. Ultimately, no matter what the setup is your user will have to take the responsibility of turning off the tunnel. – James Mertz – 2012-03-27T15:51:30.103
Ok thanks - the disconnection was the key part. So I'll look at routing only RDP traffic through the VPN in case they leave it connected. Apparently if I uncheck ‘use default gateway on remote network’ under TCP/IP settings for the VPN, that should do it. – Josh Newman – 2012-03-27T17:52:48.340