Please forgive me I am new at this.
I have a domain user that operates 90% outside of our building at another county office but she has a company laptop that belongs to my company to do her work on. She mainly just uses outlook and office programs on the laptop. She comes in once a month for me to check things out and connect to the WSUS server for updates.
We run McAfee virus scan 8.8 enterprise for all the domain computers but I am not sure if there is a way that she is receiving her AV updates while she is out of the building through the internet, I never checked to see, my fault. But I was assuming no, I thought the computer had to be physcally connected to our domain to process the updates just like with WSUS updates. I did not see any difference in the McAfee policy for the group this laptop is a member of when comparing it to other computers in house.
Well I was just told that this user is leaving the company but the county entity she works for asked if they could use the laptop for a while for the new person in her position, I received approval to do this. Since the employee that will be using this laptop now is not a member of our domain (or our company in general... but looseley affiliated), I need to know what the best way to approach this is.
I can add a user account to the domain (just in the domain users folder so there is no real access to anything) and let her login that way, but I was still concerned about the updates and the AV updates. I am told that this person will bring the laptop in once a month for me to examine as well. She will only be using Office, and a remote desktop connection to their company portal on this laptop.
The first solution I thought of was to just unjoin the laptop from the domain, setup a local user account for the new person, then use one of the McAfee Saas licenses I have for our remote sites so the PC can receive antivirus updates; and I can keep track of it easier through the internet. I just have to get approval to use the AV license since it is funded through another department here but I should be able to do that.
I have no experience setting up remote users when it comes to the best practice relating to the domain and updates, I think there has to be more to it. What would be the best way to go about my situation here with this laptop? Would it just be easier to remove it from the domain and go the local user route?
One thing I should mention is that in Group Policy Management on our server, I did not see a real difference between this laptop or the other laptops we have here in house that rarely leave the building. So that leads me to believe that when this laptop was out of the building, it was not receiving the windows or the McAfee updates. If that is the case, I lean towards setting it up with the local user account and the remote McAfee Saas product.
All help is much appreciated, thanks!