Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


I have a remote laptop for traveling user, what is the best way to set it up for updates?  (Unique situation)

Posted on 2012-09-13
Medium Priority
Last Modified: 2012-09-18
Please forgive me I am new at this.

I have a domain user that operates 90% outside of our building at another county office but she has a company laptop that belongs to my company to do her work on.  She mainly just uses outlook and office programs on the laptop.  She comes in once a month for me to check things out and connect to the WSUS server for updates.  

We run McAfee virus scan 8.8 enterprise for all the domain computers but I am not sure if there is a way that she is receiving her AV updates while she is out of the building through the internet, I never checked to see, my fault.  But I was assuming no, I thought the computer had to be physcally connected to our domain to process the updates just like with WSUS updates.  I did not see any difference in the McAfee policy for the group this laptop is a member of when comparing it to other computers in house.

Well I was just told that this user is leaving the company but the county entity she works for asked if they could use the laptop for a while for the new person in her position, I received approval to do this.  Since the employee that will be using this laptop now is not a member of our domain (or our company in general... but looseley affiliated), I need to know what the best way to approach this is.

I can add a user account to the domain (just in the domain users folder so there is no real access to anything) and let her login that way, but I was still concerned about the updates and the AV updates.  I am told that this person will bring the laptop in once a month for me to examine as well.  She will only be using Office, and a remote desktop connection to their company portal on this laptop.

The first solution I thought of was to just unjoin the laptop from the domain, setup a local user account for the new person, then use one of the McAfee Saas licenses I have for our remote sites so the PC can receive antivirus updates; and I can keep track of it easier through the internet.  I just have to get approval to use the AV license since it is funded through another department here but I should be able to do that.

I have no experience setting up remote users when it comes to the best practice relating to the domain and updates, I think there has to be more to it.  What would be the best way to go about my situation here with this laptop?  Would it just be easier to remove it from the domain and go the local user route?  

One thing I should mention is that in Group Policy Management on our server, I did not see a real difference between this laptop or the other laptops we have here in house that rarely leave the building.  So that leads me to believe that when this laptop was out of the building, it was not receiving the windows or the McAfee updates.  If that is the case, I lean towards setting it up with the local user account and the remote McAfee Saas product.

All help is much appreciated, thanks!
Question by:g8rcub
  • 3
  • 2

Assisted Solution

Carlisle_Agent earned 1200 total points
ID: 38395265
I would remove the computer from the domain, and make a new local user (guest account perf.). AV wise, you can just put anything on there. If the computer is using RDP, it won't make a difference what AV you use. -My opinion

Author Comment

ID: 38395318
I should have mentioned, there is data that will be shared in the emails on this laptop containing sensitive information so I do want to make sure the PC is secure (not that McAfee is great but it is better than the freeware out there and I can monitor the dat files, detections, etc.).  The RDP is to a portal where this user will be entering data.  

I guess I am also just still curious about if a remote laptop like this (the way it is currently setup connected to our domain but the user only checking in once a month or so)... does it receive any updates when it is not in house?  I think there are ways to configure this but I am not sure how to read the group policy to see if there is an answer in there.  There is a ton going on, still trying to decipher.

Expert Comment

ID: 38395573
no need to remove her from the Ad group,

as she is remote just go to her local GP policy and set windows updates to automatic and install, so it doesnt give her an option to install, delay etc as end users will always press delay if the option is given.

this way windows will auto download each time there is an update and install it as well.
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks


Expert Comment

ID: 38395638
AV updates are mostly automatic unless either you put a GPO to stop it or manually within the onboard settings. Building a new local user account (without administrative privileges) can prevent the computer from automatically updating if you so choose.

Free AV like Avast and AVG are not bad at all. I have personally been using these for a couple of years, and they work great. Less resources used than Norton, so I'm a happy camper.

Author Comment

ID: 38396088
But right now, the McAfee AV on that laptop is setup to push through the server in our domain. If the computer is out in the field for 25 days, it would not receive updates right?

It looks like I will be going the local user account route and setting windows updates to automatic so at least that will be up to date.  But that is why I was going to use the McAfee Saas product that I use on other computers that exist at our community center (that are not connected to our local domain).  They update over the web.

I have used the Free AVG and Avast before at my old job but the computers we ran them on eventually became infected with malware, I guess I could always run malware bytes too?

Accepted Solution

Carlisle_Agent earned 1200 total points
ID: 38396246
No reason to keep that computer on the domain if you have a new user that is not with the company. For security reasons, I would take it off and make that guest account.

Yes, MalwareBytes is great for that. In the years I have been using AVG, I have never come across malware when using them both. Just because it is free, doesn't mean it doesn't work. Take Unbuntu. Works great for normal use and its free. Everything should be this way including information.

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question