Solved

Ideal Domain Laptop Configuration

Posted on 2012-04-11
Last Modified: 2012-06-27
Hello experts -

We're getting ready to roll out a slew of laptops in our Windows 2008-based domain. I've burnt myself in Internet searching - I'm really looking for best-practice situations that will keep our users working smoothly and quickly. Here's our desired configuration:

Folder Redirection for Desktop/Documents/AppData
Offline files enabled for work on Folder Redirect folders when not connected to the network
VPN connections available when out of the office (we have both a Cisco ASA VPN-capable firewall and an SSTP-supporting RRAS server...best option?)
Application Virtualization for the applications on the laptops

I'd like this to be smooth and quick for the users. Can anyone give me some best practices or pointers to a reliable documentation source on this?

Thank you!
0
Question by:jmichaelpalermo4
5 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 37836987
Tall order.

For starters, Folder redirection and Offline Files can be handled using Group Policy and/or Group Policy Preferences.

For the VPN, the ASA is the way to go.  You can use the legacy VPN client or AnyConnect (pushed from the ASA) - my feelings on this are mixed, but not having a web service facing the Internet from the ASA would seem more secure and that's how you push out AnyConnect.  So if you don't mind the legacy VPN client, it may be more secure but more work for you to deploy.

App-V can be accomplished, certainly - http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/virtualization/app-v.aspx
0
 
LVL 3

Author Comment

by:jmichaelpalermo4
ID: 37840528
Netman66 -

Thanks for the reply and advice; I was definitely hoping for a more "big picture" solution - a best practice guide or "here's Microsoft's suggestions on how to roll this whole thing out." (I'm hoping for the 'tall order' from your post ;)

Any thoughts? Thanks!
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 37840611
Each requirement you listed can be compartmentalized.

Here is a good resource for Folder Redirection:

http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/


The Cisco solution is here using ASDM (the GUI instead of the CLI):

http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/selected_procedures/asdms521.pdf


Everything you want to know about App-V (but were afraid to ask):

http://blogs.technet.com/b/aviraj/archive/2011/08/22/microsoft-application-virtualization-app-v-resources-documentation-videos-amp-best-practices.aspx


What you want is fairly standard for many companies, but understanding the concepts you want to implement is paramount to understanding what you are really asking to do.  In other words, you may have these ideas and we know they are being used out there - but using them correctly is the part that many fail miserably with.  Take time to read up on these things individually and grasp the concept before you start to configure them so that you avoid having to re-configure things when you head down the wrong path.

I could spend countless hours on each topic, but that doesn't help you learn the technologies as they relate to your environment.  Only you can determine what direction to take.

As far as being seamless, you need to create a separate OU with a few test machines inside it.  Apply new Group Policy or Group Policy Preferences to this OU only until you get it correct.  At that point you can link the GPO/GPP to the OU that contains your production workstations (not servers - and not the default Computers container).  This will ensure you don't affect anything until you've tested things.

VPN - same deal.  The ASA can sit behind your router or replace it.  But as long as it's inline with your internet link then it will affect traffic.  Best to config this thing offline with a few test PCs (inside interface and outside interface with VPN client) to get it working before you place it inline - AFTER HOURS!

App-V - is definitely something you have to lab-build and get your configuration perfect before you deploy.  By lab-build, I refer to keeping the server off limits even if it's on the production LAN while you configure it.  Use the separate OU and test workstations in that OU to get your GPOs right before linking them to any production OUs.

Small steps.  Configure/Test/Deploy.

Don't rush.
0
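
Added example (not part of the original answer or any vendor documentation): the test-OU workflow described in the accepted solution, scripted with the ActiveDirectory and GroupPolicy PowerShell modules. It assumes those modules are installed on the admin workstation and that the production OU already exists; the domain, OU, GPO and computer names are hypothetical placeholders.

```powershell
# Added example. Domain, OU, GPO and computer names are hypothetical placeholders.
Import-Module ActiveDirectory, GroupPolicy
$ErrorActionPreference = 'Stop'

$DomainDN = 'DC=example,DC=local'
$TestOU   = "OU=Laptop-Pilot,$DomainDN"      # isolated test OU
$ProdOU   = "OU=Laptops,$DomainDN"           # production workstations, not CN=Computers
$GpoName  = 'Laptop Baseline'
$TestPCs  = 'PILOT-LT01', 'PILOT-LT02'
$Promote  = $false                           # set to $true only after the pilot passes

# True when the named GPO is linked directly to the given OU.
function Test-GpoLinked([string]$Name, [string]$Target) {
    $links = (Get-GPInheritance -Target $Target).GpoLinks
    [bool]($links | Where-Object { $_.DisplayName -eq $Name })
}

# 1. Create the test OU and move the test machines into it.
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$TestOU'")) {
    New-ADOrganizationalUnit -Name 'Laptop-Pilot' -Path $DomainDN
}
foreach ($pc in $TestPCs) {
    Get-ADComputer -Identity $pc | Move-ADObject -TargetPath $TestOU
}

# 2. Create the GPO (settings are then edited in GPMC) and link it to the test OU only.
#    User Configuration settings such as Folder Redirection follow the user account's OU
#    unless loopback processing is enabled, so pilot user accounts may need to live here too.
if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName -Comment 'Pilot: linked to test OU until validated' | Out-Null
}
if (-not (Test-GpoLinked $GpoName $TestOU)) {
    New-GPLink -Name $GpoName -Target $TestOU -LinkEnabled Yes | Out-Null
}

# 3. Keep a report of what was tested, and confirm production is still untouched.
Get-GPOReport -Name $GpoName -ReportType Html -Path "$env:TEMP\$GpoName-pilot.html"
if ((Test-GpoLinked $GpoName $ProdOU) -and -not $Promote) {
    Write-Warning "'$GpoName' is already linked to $ProdOU before the pilot was signed off."
}

# 4. Promote: link the same, already-tested GPO to the production OU.
if ($Promote -and -not (Test-GpoLinked $GpoName $ProdOU)) {
    New-GPLink -Name $GpoName -Target $ProdOU -LinkEnabled Yes | Out-Null
}
```

The script is safe to re-run: each step checks for the existing OU, GPO or link first, and the production link is only created once `$Promote` is set.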
 
LVL 3

Author Closing Comment

by:jmichaelpalermo4
ID: 37852670
Thanks Netman66 - this should be enough to get me started. I appreciate the time.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 37852692
Thanks!  If you run into anything during your quest, feel free to ask.
0
