First some basic info:
3 offices and a Windows 2003 Active Directory Domain. All Windows XP SP2 Workstations and laptops.
The Main Office has subnett of 192.168.2.0/24 and a domain controller named "server".
The Home Office has a subnett of 192.168.3.0/24 and no domain controller.
The Branch Office has a subnett of 192.168.5.0/24 and a domain controller named "server-2".
All offices are linked via IPSEC VPN, main office has T1 and other office have DSL.
All users have Roaming Profiles, and My Documents Folder Redirection. There are Software Policies, the MSI packages are located on "server".
The Main Office has been up for almost 6 months now, and the home office has been logging in via VPN since then, as a result the home office has slow login time and slow access to My Documents and Shared Drive. They currently accept that and live with it.
A new brach office has just been added in, I placed a domain controller named "server-2" and assigned it to a diffrent site in Active Directory. Currently the sites are as follows:
The branch office will have it's own set of users, some computers from the main office will be moved to the branch office. Some users will work in both offices.
What is the most effecient setup/design so that users in the BranchOffice will not have slow logon, slow access to My Documents, the Shared Drive and so that users in both offices have a decent speed when accessing thier stuff?
Also, is it possible to have the software policies "choose" the closet server? Would I place the software packages on both servers?
Is it possible to have policies that are applied on a site only basis with having to create computer groups?