Solved

Ideal Domain Laptop Configuration

Posted on 2012-04-11
Last Modified: 2012-06-27
Hello experts -

We're getting ready to roll out a slew of laptops in our Windows 2008-based domain. I've burnt myself in Internet searching - I'm really looking for best-practice situations that will keep our users working smoothly and quickly. Here's our desired configuration:

Folder Redirection for Desktop/Documents/AppData
Offline files enabled for work on Folder Redirect folders when not connected to the network
VPN connections available when out of the office (we have both a Cisco ASA VPN-capable firewall and an SSTP-supporting RRAS server...best option?)
Application Virtualization for the applications on the laptops

I'd like this to be smooth and quick for the users. Can anyone give me some best practices or pointers to a reliable documentation source on this?

Thank you!
0
Question by:jmichaelpalermo4
5 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 37836987
Tall order.

For starters, Folder redirection and Offline Files can be handled using Group Policy and/or Group Policy Preferences.

For the VPN, the ASA is the way to go.  You can use the legacy VPN client or AnyConnect (pushed from the ASA) - my feelings on this are mixed, but not having a web service facing the Internet from the ASA would seem more secure and that's how you push out AnyConnect.  So if you don't mind the legacy VPN client, it may be more secure but more work for you to deploy.

App-V can be accomplished, certainly - http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/virtualization/app-v.aspx
0
 
LVL 3

Author Comment

by:jmichaelpalermo4
ID: 37840528
Netman66 -

Thanks for the reply and advice; I was definitely hoping for a more "big picture" solution - a best practice guide or "here's Microsoft's suggestions on how to roll this whole thing out." (I'm hoping for the 'tall order' from your post ;)

Any thoughts? Thanks!
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 37840611
Each requirement you listed can be compartmentalized.

Here is a good resource for Folder Redirection:

http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/


The Cisco solution is here using ASDM (the GUI instead of the CLI):

http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/selected_procedures/asdms521.pdf


Everything you want to know about App-V (but were afraid to ask):

http://blogs.technet.com/b/aviraj/archive/2011/08/22/microsoft-application-virtualization-app-v-resources-documentation-videos-amp-best-practices.aspx


What you want is fairly standard for many companies, but understanding the concepts you want to implement is paramount to understanding what you are really asking to do.  In other words, you may have these ideas and we know they are being used out there - but using them correctly is the part that many fail miserably with.  Take time to read up on these things individually and grasp the concept before you start to configure them so that you avoid having to re-configure things when you head down the wrong path.

I could spend countless hours on each topic, but that doesn't help you learn the technologies as they relate to your environment.  Only you can determine what direction to take.

As far as being seamless, you need to create a separate OU with a few test machines inside it.  Apply new Group Policy or Group Policy Preferences to this OU only until you get it correct.  At that point you can link the GPO/GPP to the OU that contains your production workstations (not servers - and not the default Computers container).  This will ensure you don't affect anything until you've tested things.

VPN - same deal.  The ASA can sit behind your router or replace it.  But as long as it's inline with your internet link then it will affect traffic.  Best to config this thing offline with a few test PCs (inside interface and outside interface with VPN client) to get it working before you place it inline - AFTER HOURS!

App-V - is definitely something you have to lab-build and get your configuration perfect before you deploy.  By lab-build, I refer to keeping the server off limits even if it's on the production LAN while you configure it.  Use the separate OU and test workstations in that OU to get your GPOs right before linking them to any production OUs.

Small steps.  Configure/Test/Deploy.

Don't rush.
0
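
The staging workflow described in the accepted answer (separate test OU first, production link only after testing), as an added PowerShell example that is not part of the original thread. The domain DN, OU names and GPO name are placeholders, and it assumes the ActiveDirectory and GroupPolicy RSAT modules are installed; the policy settings themselves (Folder Redirection, Offline Files) are still edited in GPMC.

```powershell
# Added example: stage a GPO in a pilot OU before linking it to production.
# All names below are placeholders (assumptions), not values from the thread.
Import-Module ActiveDirectory, GroupPolicy

$DomainDN = 'DC=corp,DC=example'           # placeholder domain
$PilotOU  = "OU=Laptop-Pilot,$DomainDN"    # placeholder test OU
$ProdOU   = "OU=Laptops,$DomainDN"         # placeholder production workstation OU
$GpoName  = 'Laptop - Folder Redirection'  # placeholder GPO name

# Returns $true when the named GPO is linked directly to the given OU.
function Test-GpoLinkedTo([string]$Target, [string]$Name) {
    [bool]((Get-GPInheritance -Target $Target).GpoLinks |
        Where-Object { $_.DisplayName -eq $Name })
}

# 1. Create the pilot OU if it does not exist yet.
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$PilotOU'")) {
    New-ADOrganizationalUnit -Name 'Laptop-Pilot' -Path $DomainDN
}

# 2. Create the GPO (empty until edited in GPMC).
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Pilot - not yet in production'
}

# 3. Guard: refuse to continue if production machines would already receive it.
if (Test-GpoLinkedTo $ProdOU $GpoName) {
    throw "GPO '$GpoName' is already linked to $ProdOU; unlink it before piloting changes."
}

# 4. Link to the pilot OU only, then save a report of what pilot machines will get.
if (-not (Test-GpoLinkedTo $PilotOU $GpoName)) {
    New-GPLink -Name $GpoName -Target $PilotOU -LinkEnabled Yes | Out-Null
}
Get-GPOReport -Name $GpoName -ReportType Html -Path "$env:TEMP\$GpoName.html"

# 5. Run only after testing passes: link the same GPO to the production OU.
function Publish-PilotGpo {
    if (-not (Get-ADComputer -Filter * -SearchBase $PilotOU)) {
        throw "No computers in $PilotOU; the GPO was never applied to a test machine."
    }
    New-GPLink -Name $GpoName -Target $ProdOU -LinkEnabled Yes
}
```

The default Computers container (CN=Computers) is a container rather than an OU and cannot take a GPO link, so test machines have to be moved into the pilot OU (for example with `Move-ADObject`) before the policy reaches them.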
 
LVL 3

Author Closing Comment

by:jmichaelpalermo4
ID: 37852670
Thanks Netman66 - this should be enough to get me started. I appreciate the time.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 37852692
Thanks!  If you run into anything during your quest, feel free to ask.
0
