Solved

Laptops, Offline files and VPN access

Posted on 2006-07-05
14
507 Views
Last Modified: 2008-01-09
Hi! Is there something I need to think about when attaching laptops to the SBS network?
I specifically think about offlinefiles (my documents) and access to Exchange folders.

Let's say it's three laptops.
1 would 90% of time being connected to the network through VPN from a remote office.
1 would mostly being attached physically on the network but sometimes from remote, for example dial-up from mobile, or from private home. always with vpn when remote
1 would be fifty fifty home and away. Always with vpn when remote

0
Comment
Question by:dingir
  • 7
  • 5
  • 2
14 Comments
 
LVL 1

Expert Comment

by:Deltapc-techies
ID: 17042591
Im not sure what it is you want to know? Can you tell me more please ?
0
 
LVL 1

Author Comment

by:dingir
ID: 17042759
Hi!

I'm not really sure what I need to ask. I think I need some general information. The point is that they also would use the machines without any internet connection available or any errors on the connection on the head office. Questions like:

1. Can they login even thought they aren't connected to the network? With and without vpn?
2. Can they access all there my documents even if they aren't connected anywhere?
3. How does Outlook behave when not connected? Does it send mail anyway or waiting until it can reach the Exchangeserver?
4. Syncronizing between a workstations outlook (if not connected to the exchange server) and webbaccess used instead?

0
 
LVL 1

Expert Comment

by:Deltapc-techies
ID: 17042849
Hope this helps

1 Yes
2 As long as the my docs are syncronized to a folder on the server initinally.
3 If it cannot connect ot the Exchange it will just work offline. When a VPN/Network connection is restored it will reconnect and sync. It will only send when online. If you compose offline then it will sit in the Outbox until a connection is made (VPN etc).
4 Outlook will not sysn on the laptop just via web access.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17043235
The above answers that Deltapc-techies provided would work if and only if the Laptop was joined to the domain.  (Actually with the exception of #4, which I don't really understand what you are asking there).  Also, in order for the My Documents to be synched properly, you need to have run the My Documents Folder Redirection Wizard.

I would suggest that to provide greater availability for email that you configure Outlook via the Internet (RPC over HTTP).  This will allow Outlook to function on-line without the need for a VPN connection... just a standard Internet connection.  There are specific instructions for how to configure this available in your Remote Web Workplace main menu (http://<servername>/remote).  If you do not see them there, then you did not enable the option for Outlook via the Internet when you ran the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email).  You can just rerun the CEICW to fix this.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:dingir
ID: 17048967
Hi Delta and Tech!

1. Good. Not shocking but important to be sure. It's much more complicated when users are 60 miles away, can't login and says "i did nothing, nothing happens, it just don't work"  :-).

2. Nice. but how do I set up the my documents folder for offline sync? As I can see now, if the server going down, the my documents is unavailable. I can't find any options for offline-files In the My documents folder redirection wizard. Except offline-files that part works perfect. Where do I best activate this? Offline-files should only affect laptop. Should I set this in a specific "Laptop-GPO" linked to computers in an "Laptop-Security"-group or something?

3 Thank's. It's important to know exactly what to say to the users, when they ask about it :-). I will check connecting Outlook remote with RPC over HTTP! Two of the users are using thiere mobilphones for sending and recieving mail. That's an important part that they could do that even with SBS. So long I have POP boxes theres a bonus from today, if I could make them send and recieve mail from thiere mobilephones and it's being syncronized with Exchange.

4. I mean that how the syncronizing will behave when mails have been changed and added from two difference sources since last syncronize.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17050965
For #2... running the My Documents Folder Redirection Wizard (as I described above) will automatically set the workstation/laptop to be configured for Offline File caching and synchronization.  It's generally a good idea to allow it to happen on workstations as well... just an extra backup that can't hurt to have.

I'm confused about what you say by "so long I have POP boxes"???  There should be no need for those... there's always Outlook Web Access if they want to check email from ANY computer.

Outlook will automatically synchronize the local cached mailbox to what is on the server each time a user connects.  There is no need for a user to manually do anything for this.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:dingir
ID: 17070983
Hi Jeff!

Now where running on new server.

There some problem with #2. I've done that part, trust me! But the computers won't make the My Documents offline! Also everyone seems to have access to each users my documents psyically folder (USER-rights on all of them). Maybe an affect of that I moved the USERS share to a new drive.

There are four computers that have configured themself for offline files for my documents, handy enough they all four are Laptops. The problem instead is that they also try to sync with the old server, even if it's not available anymore.

0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17071041
I'm sure it's because you moved the USERS share to a new drive, and you probably didn't follow the instructions in this paper:  http://sbsurl.com/movedata which instructs you to use XCOPY to move the folders because then the ACLs are moved as well.

Now you also state that you migrated the server which makes your question entirely different...

How did you migrate to this new server?  Because this may not be your only problem if yo udidn't do it correctly.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:dingir
ID: 17071185
Hi!

I've readed and follow a document / post wroted by you about how to move USERS datafolder. It didn't exist any users On the time for moving the USERS share. All folders (and users) was created  after that. If ACL is the problem it might be that I also should have copied the USERS folder itself with XCOPY? However this is a problem.

Migrated? Did I migrate the server? I haven't :/. I was disconnecting all clients from the old server, copying all data from old server to new server within the server itself, joined all clients to the new server. You mean that the old server was still connected on and after this point? The old server had only got connection to the new server and/or clients through manual copying of files through \\oldserver-ip\share.

0
 
LVL 1

Author Comment

by:dingir
ID: 17071196
I also need to comment that three of the laptops (mainly needs offline-files configured) are leaving the office today. Therefore the offline-part is mostly important.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17074380
ahhh... now I remember our conversation:  http:Q_21829562.html

You are now unfortunately living with the results of not planning the migration properly.

It doesn't matter that there were no users created yet when you moved the \USERS share.  Because it's the share permissions that would first be important.
You need to fix this first.

On the Share Permissions, the Following should have all of the Allow boxes checked:
Domain Admins
Domain Users
Folder Operators

On the Security Tab, click Advanced, and uncheck the "allow inheritable permissions..." box.  Click Remove when the warning pops up and then..

the following should have FULL CONTROL for This Folder, subfolders and files:
Domain Admins
Folder Operators
SYSTEM

Then, add Domain Users, This Folder and Files with these checked:
Traverse Folder/Execute File
List Folder/Read Data
Read Attributes
Read Extended Attributes
Create Folders/Append Data
Read Permissions

Then to reset all of the user folders, open the Security Management Console > Users and click the Change User Permissions link.  Run this wizard for each user template you have used for any group of users.

That should correct the permissions.

NEXT:
Were these computers joined to the new domain using the connectcomputer wizard?  (http://<servername>/connectcomputer?

If they were, then you should just run the My Documents Folder Redirection Wizard

If they were not, you must correct this problem by doing the following:

The following needs to be done with the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5.  Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
6.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with it's NEW name using the Add Computer wizard

Then, go back to the client machine and join the domain by opening Internet Explorer and navigating to http://servername/connectcomputer

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:dingir
ID: 17079262
Hi Jeff! Thank you for a long and serious answer! As always :-).

RIGHTS
I turned some of the dirs to en expert who managed the permissions, the "Change user permissions"-wizard couldn't affect those folders who was changed. After that I've tried your set-up of permissions. That's solved the wizard-problem but all users still can get access to the my documents folder, after some folders I get that i shouldn't take ownership (as administratorS) of ALL files and subfolders (just only the folder itself). So.. the last 3 of 7 folders is "protected" but the others don't.

OFFLINE-THING
All computers are connected using this connectcomputer thing (also the old server who's now reinstalled as a terminal server through the MS guide for adding a TS to a SBS network). Our expert was locating offline-files who referred to the old server on every clientmachine in network! We just removed all those and restarted.

Then the old servername dissapperad completely from all offline-situations. The problem still appear is that when a users logs on, it will get disconnected from the new server. The user has (every time) to manually rightclick and connect to the server (because it Is available).
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17079344
The Chenge User Permissions wizard won't work unless you have the FOLDER OPERATORS with FULL CONTROL.  Also, the My Documents folder needs to be owned by the user themselves.  However, this is usually taken care of by the wizard.

I should have included the RIGHT way to reset the offline folder cache... you can't just delete the files... it won't work.  The folder will get corrupt.  You need to reinitialize it by going to My Computer > Tools > Folder Options > Offline FIles.  Then, hold down the CTRL and SHFT key while clicking the Delete Files... button.  You will get a warning asking if you want to reinitialize the folder to which you click Yes.  You must then reboot the workstation.

Regarding the old servername... you must have kept your domain name the same???  The only way this can happen is if you use the www.sbsmigration.com swing method to migrate to your new server.  It seems as though you never removed the workstations from the old domain, and just joined them to the SBS with connectcomputer.  Honestly, I don't know what kind of mess this would make... I've never attempted that, and dont think I want to find out, actually.  :-)

So, I would still follow the steps above to remove, RENAME and rejoin the workstations to see if it will straighten all of this out. If it doesn't you may be needing to completely reinstall your server and rebuild the network entirely.


Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:dingir
ID: 17081407
Hi Tech! No this tasks is completed! I've fix that offline-thing with CTRL+SHIFT when deleting contents. The old server name was completely dissapperared. I take this question as solved! Thanks a Lot.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now