I have a remote laptop for traveling user, what is the best way to set it up for updates?  (Unique situation)

Posted on 2012-09-13
Last Modified: 2012-09-18
Please forgive me I am new at this.

I have a domain user that operates 90% outside of our building at another county office but she has a company laptop that belongs to my company to do her work on.  She mainly just uses outlook and office programs on the laptop.  She comes in once a month for me to check things out and connect to the WSUS server for updates.  

We run McAfee virus scan 8.8 enterprise for all the domain computers but I am not sure if there is a way that she is receiving her AV updates while she is out of the building through the internet, I never checked to see, my fault.  But I was assuming no, I thought the computer had to be physcally connected to our domain to process the updates just like with WSUS updates.  I did not see any difference in the McAfee policy for the group this laptop is a member of when comparing it to other computers in house.

Well I was just told that this user is leaving the company but the county entity she works for asked if they could use the laptop for a while for the new person in her position, I received approval to do this.  Since the employee that will be using this laptop now is not a member of our domain (or our company in general... but looseley affiliated), I need to know what the best way to approach this is.

I can add a user account to the domain (just in the domain users folder so there is no real access to anything) and let her login that way, but I was still concerned about the updates and the AV updates.  I am told that this person will bring the laptop in once a month for me to examine as well.  She will only be using Office, and a remote desktop connection to their company portal on this laptop.

The first solution I thought of was to just unjoin the laptop from the domain, setup a local user account for the new person, then use one of the McAfee Saas licenses I have for our remote sites so the PC can receive antivirus updates; and I can keep track of it easier through the internet.  I just have to get approval to use the AV license since it is funded through another department here but I should be able to do that.

I have no experience setting up remote users when it comes to the best practice relating to the domain and updates, I think there has to be more to it.  What would be the best way to go about my situation here with this laptop?  Would it just be easier to remove it from the domain and go the local user route?  

One thing I should mention is that in Group Policy Management on our server, I did not see a real difference between this laptop or the other laptops we have here in house that rarely leave the building.  So that leads me to believe that when this laptop was out of the building, it was not receiving the windows or the McAfee updates.  If that is the case, I lean towards setting it up with the local user account and the remote McAfee Saas product.

All help is much appreciated, thanks!
Question by:g8rcub
    LVL 5

    Assisted Solution

    I would remove the computer from the domain, and make a new local user (guest account perf.). AV wise, you can just put anything on there. If the computer is using RDP, it won't make a difference what AV you use. -My opinion

    Author Comment

    I should have mentioned, there is data that will be shared in the emails on this laptop containing sensitive information so I do want to make sure the PC is secure (not that McAfee is great but it is better than the freeware out there and I can monitor the dat files, detections, etc.).  The RDP is to a portal where this user will be entering data.  

    I guess I am also just still curious about if a remote laptop like this (the way it is currently setup connected to our domain but the user only checking in once a month or so)... does it receive any updates when it is not in house?  I think there are ways to configure this but I am not sure how to read the group policy to see if there is an answer in there.  There is a ton going on, still trying to decipher.
    LVL 6

    Expert Comment

    no need to remove her from the Ad group,

    as she is remote just go to her local GP policy and set windows updates to automatic and install, so it doesnt give her an option to install, delay etc as end users will always press delay if the option is given.

    this way windows will auto download each time there is an update and install it as well.
    LVL 5

    Expert Comment

    AV updates are mostly automatic unless either you put a GPO to stop it or manually within the onboard settings. Building a new local user account (without administrative privileges) can prevent the computer from automatically updating if you so choose.

    Free AV like Avast and AVG are not bad at all. I have personally been using these for a couple of years, and they work great. Less resources used than Norton, so I'm a happy camper.

    Author Comment

    But right now, the McAfee AV on that laptop is setup to push through the server in our domain. If the computer is out in the field for 25 days, it would not receive updates right?

    It looks like I will be going the local user account route and setting windows updates to automatic so at least that will be up to date.  But that is why I was going to use the McAfee Saas product that I use on other computers that exist at our community center (that are not connected to our local domain).  They update over the web.

    I have used the Free AVG and Avast before at my old job but the computers we ran them on eventually became infected with malware, I guess I could always run malware bytes too?
    LVL 5

    Accepted Solution

    No reason to keep that computer on the domain if you have a new user that is not with the company. For security reasons, I would take it off and make that guest account.

    Yes, MalwareBytes is great for that. In the years I have been using AVG, I have never come across malware when using them both. Just because it is free, doesn't mean it doesn't work. Take Unbuntu. Works great for normal use and its free. Everything should be this way including information.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Suggested Solutions

    The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
    In this article you will get to know about pros and cons of storage drives HDD, SSD and SSHD.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now