Ideal Domain Laptop Configuration

Hello experts -

We're getting ready to roll out a slew of laptops in our Windows 2008-based domain. I've burnt myself in Internet searching - I'm really looking for best-practice situations that will keep our users working smoothly and quickly. Here's our desired configuration:

Folder Redirection for Desktop/Documents/AppData
Offline files enabled for work on Folder Redirect folders when not connected to the network
VPN connections available when out of the office (we have both a Cisco ASA VPN-capable firewall and an SSTP-supporting RRAS server...best option?)
Application Virtualization for the applications on the laptops

I'd like this to be smooth and quick for the users. Can anyone give me some best practices or pointers to a reliable documentation source on this?

Thank you!
jmichaelpalermo4 Asked:

Netman66 Commented:
Tall order.

For starters, Folder redirection and Offline Files can be handled using Group Policy and/or Group Policy Preferences.

For the VPN, the ASA is the way to go.  You can use the legacy VPN client or AnyConnect (pushed from the ASA) - my feelings on this are mixed, but not having a web service facing the Internet from the ASA would seem more secure and that's how you push out AnyConnect.  So if you don't mind the legacy VPN client, it may be more secure but more work for you to deploy.

App-V can be accomplished, certainly - http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/virtualization/app-v.aspx
0
jmichaelpalermo4 (Author) Commented:
Netman66 -

Thanks for the reply and advice; I was definitely hoping for a more "big picture" solution - a best practice guide or "here's Microsoft's suggestions on how to roll this whole thing out." (I'm hoping for the 'tall order' from your post ;)

Any thoughts? Thanks!
0
Netman66 Commented:
Each requirement you listed can be compartmentalized.

Here is a good resource for Folder Redirection:

http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/


The Cisco solution is here using ASDM (the GUI instead of the CLI):

http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/selected_procedures/asdms521.pdf


Everything you want to know about App-V (but were afraid to ask):

http://blogs.technet.com/b/aviraj/archive/2011/08/22/microsoft-application-virtualization-app-v-resources-documentation-videos-amp-best-practices.aspx


What you want is fairly standard for many companies, but understanding the concepts you want to implement is paramount to understanding what you are really asking to do.  In other words, you may have these ideas and we know they are being used out there - but using them correctly is the part that many fail miserably with.  Take time to read up on these things individually and grasp the concept before you start to configure them so that you avoid having to re-configure things when you head down the wrong path.

I could spend countless hours on each topic, but that doesn't help you learn the technologies as they relate to your environment.  Only you can determine what direction to take.

As far as being seamless, you need to create a separate OU with a few test machines inside it.  Apply new Group Policy or Group Policy Preferences to this OU only until you get it correct.  At that point you can link the GPO/GPP to the OU that contains your production workstations (not servers - and not the default Computers container).  This will ensure you don't affect anything until you've tested things.

VPN - same deal.  The ASA can sit behind your router or replace it.  But as long as it's inline with your internet link then it will affect traffic.  Best to config this thing offline with a few test PCs (inside interface and outside interface with VPN client) to get it working before you place it inline - AFTER HOURS!

App-V - is definitely something you have to lab-build and get your configuration perfect before you deploy.  By lab-build, I refer to keeping the server off limits even if it's on the production LAN while you configure it.  Use the separate OU and test workstations in that OU to get your GPOs right before linking them to any production OUs.

Small steps.  Configure/Test/Deploy.

Don't rush.
0
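
The staging approach described in the answer above (link the GPO to a pilot OU first, then to the production workstation OU, never to servers or the default Computers container) can be scripted with guard checks. This is an added example, not part of the original thread; the domain, OU paths and GPO name are placeholders, and it assumes the ActiveDirectory and GroupPolicy PowerShell modules (RSAT, Server 2008 R2 or later) are available.

```powershell
# Added example: every domain, OU and GPO name below is a placeholder (assumption).
Import-Module ActiveDirectory, GroupPolicy

$TestOU  = 'OU=Laptop-Pilot,DC=corp,DC=example,DC=com'
$ProdOU  = 'OU=Laptops,DC=corp,DC=example,DC=com'
$GpoName = 'Laptop - Folder Redirection and Offline Files'

function Test-GpoLinkTarget {
    param([string]$TargetDn)
    # Refuse anything that is not an OU (e.g. the default CN=Computers container).
    if ($TargetDn -notmatch '^OU=') { throw "Target '$TargetDn' is not an OU." }
    # Refuse an OU that holds server computer objects anywhere beneath it.
    $servers = Get-ADComputer -SearchBase $TargetDn -SearchScope Subtree `
        -Filter 'OperatingSystem -like "*Server*"' -Properties OperatingSystem
    if ($servers) {
        $names = ($servers | Select-Object -ExpandProperty Name) -join ', '
        throw "Target '$TargetDn' contains servers: $names"
    }
}

function Test-GpoLinkedTo {
    param([string]$Name, [string]$TargetDn)
    # True only if the GPO has an enabled link on the given OU.
    $links = (Get-GPInheritance -Target $TargetDn).GpoLinks
    [bool]($links | Where-Object { $_.DisplayName -eq $Name -and $_.Enabled })
}

# Stage 1: create the GPO if needed and link it to the pilot OU only.
if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName -Comment 'Pilot: linked to test OU only' | Out-Null
}
Test-GpoLinkTarget -TargetDn $TestOU
if (-not (Test-GpoLinkedTo -Name $GpoName -TargetDn $TestOU)) {
    New-GPLink -Name $GpoName -Target $TestOU -LinkEnabled Yes | Out-Null
}
# Keep a report of the settings under test for later review.
Get-GPOReport -Name $GpoName -ReportType Html -Path "$env:TEMP\laptop-gpo-pilot.html"

# Stage 2: link to production only if the pilot link exists and the target is safe.
function Publish-StagedGpo {
    param([string]$Name, [string]$PilotDn, [string]$ProdDn)
    if (-not (Test-GpoLinkedTo -Name $Name -TargetDn $PilotDn)) {
        throw "GPO '$Name' has no enabled link on the pilot OU; test it there first."
    }
    Test-GpoLinkTarget -TargetDn $ProdDn
    New-GPLink -Name $Name -Target $ProdDn -LinkEnabled Yes
}
# Run after the pilot machines behave correctly:
# Publish-StagedGpo -Name $GpoName -PilotDn $TestOU -ProdDn $ProdOU
```

The production link is left commented out so that running the script end to end only touches the pilot OU.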

jmichaelpalermo4 (Author) Commented:
Thanks Netman66 - this should be enough to get me started. I appreciate the time.
0
Netman66 Commented:
Thanks!  If you run into anything during your quest, feel free to ask.
0