From what I can tell, you're stuck with the option you have already deployed which is to run the VPN client on all remote devices you wish to have access to the internal network.
An option to explore would be to have a clientless VPN solution. The catch is you're probably going to have to buy a device which supports this feature. Clientless VPN allows a remote user to connect up to a secure web portal via SSL. From that point, the remote user is presented with a web page, after authenticating, which has hyperlinks to applications/resources that user has been given permission to access. The VPN concentrator will proxy the connection on behalf of the remote user.
An option to explore would be to have a clientless VPN solution. The catch is you're probably going to have to buy a device which supports this feature. Clientless VPN allows a remote user to connect up to a secure web portal via SSL. From that point, the remote user is presented with a web page, after authenticating, which has hyperlinks to applications/resources that user has been given permission to access. The VPN concentrator will proxy the connection on behalf of the remote user.