
Ideal Domain Laptop Configuration

Posted on 2012-04-11
Last Modified: 2012-06-27
Hello experts -

We're getting ready to roll out a slew of laptops in our Windows 2008-based domain. I've burnt myself in Internet searching - I'm really looking for best-practice situations that will keep our users working smoothly and quickly. Here's our desired configuration:

Folder Redirection for Desktop/Documents/AppData
Offline files enabled for work on Folder Redirect folders when not connected to the network
VPN connections available when out of the office (we have both a Cisco ASA VPN-capable firewall and an SSTP-supporting RRAS server...best option?)
Application Virtualization for the applications on the laptops

I'd like this to be smooth and quick for the users. Can anyone give me some best practices or pointers to a reliable documentation source on this?

Thank you!
Question by:jmichaelpalermo4
5 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 37836987
Tall order.

For starters, Folder redirection and Offline Files can be handled using Group Policy and/or Group Policy Preferences.

For the VPN, the ASA is the way to go.  You can use the legacy VPN client or AnyConnect (pushed from the ASA) - my feelings on this are mixed, but not having a web service facing the Internet from the ASA would seem more secure and that's how you push out AnyConnect.  So if you don't mind the legacy VPN client, it may be more secure but more work for you to deploy.

App-V can be accomplished, certainly - http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/virtualization/app-v.aspx
0
 
LVL 3

Author Comment

by:jmichaelpalermo4
ID: 37840528
Netman66 -

Thanks for the reply and advice; I was definitely hoping for a more "big picture" solution - a best practice guide or "here's Microsoft's suggestions on how to roll this whole thing out." (I'm hoping for the 'tall order' from your post ;)

Any thoughts? Thanks!
0
 
LVL 51

Accepted Solution

by:Netman66 (earned 2000 total points)
ID: 37840611
Each requirement you listed can be compartmentalized.

Here is a good resource for Folder Redirection:

http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/


The Cisco solution is here using ASDM (the GUI instead of the CLI):

http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/selected_procedures/asdms521.pdf


Everything you want to know about App-V (but were afraid to ask):

http://blogs.technet.com/b/aviraj/archive/2011/08/22/microsoft-application-virtualization-app-v-resources-documentation-videos-amp-best-practices.aspx


What you want is fairly standard for many companies, but understanding the concepts you want to implement is paramount to understanding what you are really asking to do.  In other words, you may have these ideas and we know they are being used out there - but using them correctly is the part that many fail miserably with.  Take time to read up on these things individually and grasp the concept before you start to configure them so that you avoid having to re-configure things when you head down the wrong path.

I could spend countless hours on each topic, but that doesn't help you learn the technologies as they relate to your environment.  Only you can determine what direction to take.

As far as being seamless, you need to create a separate OU with a few test machines inside it.  Apply new Group Policy or Group Policy Preferences to this OU only until you get it correct.  At that point you can link the GPO/GPP to the OU that contains your production workstations (not servers - and not the default Computers container).  This will ensure you don't affect anything until you've tested things.

VPN - same deal.  The ASA can sit behind your router or replace it.  But as long as it's inline with your internet link then it will affect traffic.  Best to config this thing offline with a few test PCs (inside interface and outside interface with VPN client) to get it working before you place it inline - AFTER HOURS!

App-V - is definitely something you have to lab-build and get your configuration perfect before you deploy.  By lab-build, I refer to keeping the server off limits even if it's on the production LAN while you configure it.  Use the separate OU and test workstations in that OU to get your GPOs right before linking them to any production OUs.

Small steps.  Configure/Test/Deploy.

Don't rush.
0
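
The test-OU-then-production rollout described in the accepted answer, sketched in PowerShell as an added example that is not part of the original thread. It assumes the ActiveDirectory and GroupPolicy modules (Server 2008 R2 or RSAT); the domain DN, OU names and GPO name are hypothetical, and the GPO's settings are still edited in GPMC.

```powershell
# Added example: stage a GPO on a pilot OU, promote it only after testing.
# Domain DN, OU names and GPO name are hypothetical placeholders.
Import-Module ActiveDirectory, GroupPolicy

$DomainDn = 'DC=corp,DC=example,DC=com'
$GpoName  = 'Laptop - Folder Redirection'

function New-StagedGpo {
    param([string]$GpoName, [string]$OuName, [string]$ParentDn)
    $ouDn = "OU=$OuName,$ParentDn"
    # Create the pilot OU only if it is missing.
    try   { Get-ADOrganizationalUnit -Identity $ouDn | Out-Null }
    catch { New-ADOrganizationalUnit -Name $OuName -Path $ParentDn }
    # Create an empty GPO; configure its settings in GPMC afterwards.
    $gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
    if (-not $gpo) { $gpo = New-GPO -Name $GpoName -Comment 'Pilot: test OU only' }
    # Link it to the pilot OU unless the link already exists.
    $linked = (Get-GPInheritance -Target $ouDn).GpoLinks |
              Where-Object { $_.DisplayName -eq $GpoName }
    if (-not $linked) { New-GPLink -Name $GpoName -Target $ouDn -LinkEnabled Yes | Out-Null }
    $gpo
}

function Publish-StagedGpo {
    param([string]$GpoName, [string]$TestOuDn, [string]$ProdOuDn)
    # GPOs link to OUs, not to the default CN=Computers container.
    if ($ProdOuDn -notmatch '^OU=') { throw "Target must be an OU: $ProdOuDn" }
    # Refuse to promote a GPO that was never enabled on the pilot OU.
    $pilot = (Get-GPInheritance -Target $TestOuDn).GpoLinks |
             Where-Object { $_.DisplayName -eq $GpoName -and $_.Enabled }
    if (-not $pilot) { throw "'$GpoName' has no enabled link on $TestOuDn" }
    # Keep a record of exactly what is being promoted.
    Get-GPOReport -Name $GpoName -ReportType Html -Path ".\$GpoName.html"
    New-GPLink -Name $GpoName -Target $ProdOuDn -LinkEnabled Yes
}

# Step 1: build the pilot, then move a few test laptops into the pilot OU
# (Move-ADObject) and verify the result on them with gpresult /r.
New-StagedGpo -GpoName $GpoName -OuName 'Laptops-Test' -ParentDn $DomainDn

# Step 2, only after the pilot machines behave correctly:
# Publish-StagedGpo -GpoName $GpoName `
#     -TestOuDn "OU=Laptops-Test,$DomainDn" -ProdOuDn "OU=Laptops,$DomainDn"
```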
 
LVL 3

Author Closing Comment

by:jmichaelpalermo4
ID: 37852670
Thanks Netman66 - this should be enough to get me started. I appreciate the time.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 37852692
Thanks!  If you run into anything during your quest, feel free to ask.
0
