• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 864
  • Last Modified:

Best practices for Laptops in enterprise network environment

Existing Scenario:
Environment: Windows 2000/2003 network, Active Directory, Windows XP desktop workstations and XP laptops ..., one forest, one domain, several site offices, each office has one DC, each office has a different subnet; mobile users traveling between offices.
Users & Workstations: Windows XP only, workstations managed thru AD Group Policy, Group Policy managed softwatre Installation, Roaming User Profiles, Folder Redirection, no local drives visible on workstations etc...,

I am looking for best practices for laptops in such environment. We have several users traveling from office to office and switching from laptops to desktop workstations and vice versa..., (the same user can not see local drive when using a workstation but will be able to see local drive on the laptop)
What is the best setup for such users and laptops ? what profiles should we use - local or roaming profiles ? What is the best practice for software installation on laptops in this environment - Group Policy managed software installation or manual software installation ? Also most of these laptops are interminently connected to our corporate network - sometimes these laptops may not be connected to the network for a few weeks... and users need ability to work offline or over a slow link connection ...

 How to resolve installation problems over a slow link - for example: 192.168.1.1 is a base office for let's say LAPTOP1, the software is installed thru AD GP while the laptop is in a base office (192.168.1.1) then the user goes to the office where the subnet is 192.168.5.1, both offices are connected over a slow link. When the user is in 192.168.5.1 office , some software installation changes exist (for example new software was added to the software installation policy in Active Directory) on the server in 192.168.1.1 office. After refreshing GP on the LAPTOP1 or restarting it the software is being pushed to the laptop, but the problem is that the installation is from 192.168.1.1 over a slow connection - and the user can not do anything until this installation is done... How to avoid situatuions like this ?
Thanks for yor help





0
MisUszatek
Asked:
MisUszatek
  • 4
  • 4
1 Solution
 
rindiCommented:
If you use the syncronization function of XP, the laptop users will still think they are working on the lan. Of course the PC will synchronize during the logon and the logoff periods which will make this take a longer time, but for normal use the amount of data synchronized shouldn't be so much as to make it real bad. You'll have to ensure that the users don't use typical laptop features like hybernate when leaving the company lan, as otherwise the data won't be synchronized, and you'll of course also have to tell them to plan enough time for shutting down the laptop when they leave.

Distribute the software updates on all the subnet servers, so it'll only be replicated between the servers, and the update to workstations happens from the closest server.
0
 
MisUszatekAuthor Commented:
>>> Distribute the software updates on all the subnet servers, so it'll only be replicated between the servers, and the update to workstations happens from the closest server.

We are using Group Policy to push software installations to computers. You have to specify the server name (installation point for software package) in Group Policy settings under Computer Configuration -> Software Installation where the software is pushed from, so it will always be the same server which pushes the software to particular laptop computer not the closest server.
How to achieve so installation will be pushed from the closest server ? is it possible using just the AD Group Policy settings ?

0
 
rindiCommented:
You can probably tell the installation to do that from a mapped drive letter. In your logon script you should now be able to make a mapping to a drive letter of a server that is in the subnet from which the PC is logging on (this must be possible, but I'm no scripter). Then the updates could be made to run from a mapped drive and not a servername...
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
MisUszatekAuthor Commented:
>> You can probably tell the installation to do that from a mapped drive letter.

Drives are mapped after the user logs in to the system, managed software installation starts always before user input, just after the computer starts and there are no drives mapped at that time and the installation will fail. That's way you have to specify server path not the drive letter.....
0
 
MisUszatekAuthor Commented:
That's why you have to specify server path not the drive letter.....
0
 
rindiCommented:
A startup script (not logon script) could map a drive before a user has to do any input.
0
 
MisUszatekAuthor Commented:
will this drive be visible to the user after login?
0
 
rindiCommented:
If you don't do anything about it, yes, but you could make sure it is unmapped when the update is finished.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now