Admins : how do you handle take home laptops and domain connectivity?

cyr0n_k0r

How are others handling connectivity with an active directory domain when a user takes their laptop home for the day or weekend?

If you are using roaming profiles I'm even more interested as this is something that I haven't been able to come up with a solid policy.

Ideally I want users to be able to get into their take home laptop using AD credentials when not actually at work and without VPN and all that nasty stuff.
I really don't want them logging in through a local account on the laptop just to be able to get in and work on the weekends.

How are others doing this?
 
I have lots of clients that have a group of laptop users who take the laptops home. You don't have to be connected to the office network to still log into the laptop with the same profile; it has cached credentials. They log in just like they were at the office... just mapped drives or network printers aren't available.

I will have Outlook set up for Outlook over HTTP.

I have antivirus set to update either from the WAN IP of the office, or from the vendor's public update servers... so the laptops maintain definitions if out of the office for extended periods of time.

I don't do roaming profiles on laptops....generally dislike roaming profiles even for desktops.
 
Offline files could work too, though syncing them among multiple users could cause a lot of headaches.
 
Everyone where I work has admin rights to their PCs. We make everyone remote in with their laptops and connect to their desktop over VPN. I would be horrified at what would happen if we let everyone have their standard domain access from their unsecured home network.
 
I got a few users that take their laptops home.

I do not have a VPN set up, so they use the web browser or their iPhones to get their email off site.

I would LOVE to pull the plug on take home laptops. One guy used to let his kids use it, so I made him a limited user so he couldn't install anything :)

When they come back they sync back up for any file changes.

Has been working well.
 
I was unaware that the domain caching worked that well.
So provided a user has logged in at least once on the domain, they can take their laptop home and still log in to the "domain" with their domain credentials and it will let them into the laptop?

We do folder redirection for my documents, so how would that work? Would the documents folder still contain all their files, allow them to change things.. and then when they get back to the domain on Monday morning folder redirection would re-initialize and re-sync the files up to the server?
 
Yes, once they log on to the computer once, it will cache the credentials, so they can log in again off the network.

As for folder redirection, all you would need to do with the folder is "Make available offline".
This will download a copy of all the files onto the computer, so when they are not on the network, they still have access to the files.

If anything has changed the next time they log in when they are on the domain, the files will get synchronized with their network storage.
 
I was unaware that the domain caching worked that well.
So provided a user has logged in at least once on the domain, they can take their laptop home and still log in to the "domain" with their domain credentials and it will let them into the laptop?

Yup... I like them to do at least one complete reboot and log in again while on the domain before taking it off the network... they can go away for quite a while without having to log into the actual network again. Heck, one of my home workstations that I'm typing from right now, it was joined to a domain server I built years ago and I haven't had that server running in near 3 years now, but my workstation here... still a domain login.
 
That's one thing about being off the network; the GPOs won't apply. Now, if the laptop is their only workstation, it's no big deal.

But, for people who may have a desktop, and the laptop is only used for travel: if their domain password is changed, obviously the laptop will continue to want the old password as it doesn't know the new one. So it would need to be hooked up to the network and logged on to again, to cache the new password.

And another note: if the user only puts the laptop into sleep or hibernate, then they come to work Monday morning, plug in to the network, wake it up; they may not have access to network resources, due to the laptop not authenticating with the DC. In this case, the user would need to simply log off and back on.
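
The cached-logon behaviour discussed in the replies above can be checked on a laptop before it leaves the office. This is an added example, not code from any poster in the thread; the function name `Get-CachedLogonPolicy` is hypothetical, and it reads the Windows setting `CachedLogonsCount` (the "Interactive logon: Number of previous logons to cache" policy).

```powershell
# Added example: report the cached domain logon policy on a laptop.
# Run on the laptop itself; it only reads local settings.

function Get-CachedLogonPolicy {
    [CmdletBinding()]
    param()

    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

    # CachedLogonsCount is stored as a string (REG_SZ). It is the number of
    # distinct users whose last logon is cached, not a count of allowed logons.
    $raw = (Get-ItemProperty -Path $key -Name CachedLogonsCount `
                -ErrorAction SilentlyContinue).CachedLogonsCount

    $count = 0
    if ($null -eq $raw) {
        # Assumption: an absent value is treated as the documented default of 10.
        $count  = 10
        $source = 'default'
    } elseif ([int]::TryParse([string]$raw, [ref]$count)) {
        $source = 'registry'
    } else {
        throw "Unexpected CachedLogonsCount value: '$raw'"
    }

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        DomainJoined      = [bool]$cs.PartOfDomain
        Domain            = $cs.Domain
        CachedLogonsCount = $count
        Source            = $source
        # Offline domain logon needs a domain join and a non-zero cache size.
        OfflineLogon      = [bool]$cs.PartOfDomain -and ($count -gt 0)
    }
}

$policy = Get-CachedLogonPolicy
$policy | Format-List

if (-not $policy.OfflineLogon) {
    Write-Warning ('Cached logons are disabled or the machine is not domain-joined: ' +
                   'domain credentials will not work while off the network.')
}
```

A value of 0 disables offline domain logon entirely. A non-zero value also means the laptop keeps accepting the last password it cached until the user logs on again with a domain controller reachable.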
 
I have multiple users with a laptop as their primary system. Works just fine. My Docs are redirected to the network and made available offline by default. They can make any other network folders they need available offline as well. Outlook syncs w/ RPC over HTTPS. AV is set to update first from our centralized server, then fall back on direct updates from ESET. With Exchange 2007 you can even proxy file server access through OWA.
 