Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 546
  • Last Modified:

Ideal Domain Laptop Configuration

Hello experts -

We're getting ready to roll out a slew of laptops in our Windows 2008-based domain. I've burnt myself in Internet searching - I'm really looking for a best-practice situations that will keep our users working smoothly and quickly. Here's our desired configuration:

Folder Redirection for Desktop/Documents/AppData
Offline files enabled for work on Folder Redirect folders when not connected to the network
VPN connections available when out of the office (we have both a Cisco ASA VPN-capable firewall and an SSTP-supporting RRAS server...best option?)
Application Virtualization for the applications on the laptops

I'd like this to be smooth and quick for the users. Can anyone give me some best practices or pointers to a reliable documentation source on this?

Thank you!
0
jmichaelpalermo4
Asked:
jmichaelpalermo4
  • 3
  • 2
1 Solution
 
Netman66Commented:
Tall order.

For starters, Folder redirection and Offline Files can be handled using Group Policy and/or Group Policy Preferences.

For the VPN, the ASA is the way to go.  You can use the legacy VPN client or AnyConnect (pushed from the ASA) - my feelings on this are mixed, but not having a web service facing the Internet from the ASA would seem more secure and that's how you push out AnyConnect.  So if you don't mind the legacy VPN client, it may be more secure but more work for you to deploy.

App-V can be accomplished, certainly - http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/virtualization/app-v.aspx
0
 
jmichaelpalermo4Author Commented:
Netman66 -

Thanks for the reply and advise; I was definitely hoping for a more "big picture" solution - a best practice guide or "here's Microsoft's suggestions on how to roll this whole thing out." (I'm hoping for the 'tall order' from your post ;)

Any thoughts? Thanks!
0
 
Netman66Commented:
Each requirement you listed can be compartmentalized.

Here is a good resource for Folder Redirection:

http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/


The Cisco solution is here using ASDM (the GUI instead of the CLI):

http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/selected_procedures/asdms521.pdf


Everything you want to know about App-V (but were afraid to ask):

http://blogs.technet.com/b/aviraj/archive/2011/08/22/microsoft-application-virtualization-app-v-resources-documentation-videos-amp-best-practices.aspx


What you want is fairly standard for many companies, but understanding the concepts you want to implement is paramount to understanding what you are really asking to do.  In other words, you may have these ideas and we know they are being used out there - but using them correctly is the part that many fail miserably with.  Take time to read up on these things individually and grasp the concept before you start to configure them so that you avoid having to re-configure things when you head down the wrong path.

I could spend countless hours on each topic, but that doesn't help you learn the technologies as they relate to your environment.  Only you can determine what direction to take.

As far as being seamless, you need to create a separate OU with a few test machines inside it.  Apply new Group Policy or Group Policy Preferences to this OU only until you get it correct.  At that point you can link the GPO/GPP to the OU that contains your production workstations (not servers - and not the default Computers container).  This will ensure you don't affect anything until you've tested things.

VPN - same deal.  The ASA can sit behind your router or replace it.  But as long as it's inline with your internet link then it will affect traffic.  Best to config this thing offline with a few test PCs (inside interface and outside interface with VPN client) to get it working before you place it inline - AFTER HOURS!

App-V - is definitely something you have to lab-build and get your configuration perfect before you deploy.  By lab-build, I refer to keeping the server off limits even if it's on the production LAN while you configure it.  Use the separate OU and test workstations in that OU to get your GPOs right before linking them to any production OUs.

Small steps.  Configure/Test/Deploy.

Don't rush.
0
 
jmichaelpalermo4Author Commented:
Thanks Netman66 - this should be enough to get me started. I appreciate the time.
0
 
Netman66Commented:
Thanks!  If you run into anything during your quest, feel free to ask.
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now