Solved

Advice for Mobile/Cloud Active Directory Services for offsite sales rep computers

Posted on 2014-01-04
Last Modified: 2014-11-12
I have a situation where I have a customer that has about 30+ offsite employees that are sales reps all over the US. Currently each laptop is just set up as a workgroup computer with no management.

With no Active Directory or Group Policy they are becoming prohibitive to manage.

I have looked around and see options for Windows Azure, Windows Intune, etc.  

I'm trying to figure out what the best option will be.  What I would like is to have the computers on the domain to be able to utilize group policies, password enforcement, etc.  

Just not sure if there is any way other than using a VPN that would make this work well.

Thanks.
Question by:truth_talker
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 39756935
What does the rest of their environment look like?  

Without knowing that, one thing I was thinking about was Office 365. You could also look at DirectAccess?

Having said that, where I was (starting new job Monday) we were using a traditional VPN like you talked about. We have discussed some other methods but we were not there yet.

Thanks

Mike
 
LVL 38

Expert Comment

by:Mahesh
ID: 39757052
Do you have an existing Active Directory in place?

You could ask those users to come into the office at least once and then join them to the domain.
This will set their machine in the domain and also enforce password restrictions on their machine, and you can also set some kind of GPOs (one-time GPOs), such as setting a screen saver and wallpaper on their machine pointing to a local path.
In order for the above to work, you must copy those screen saver and wallpaper files onto those machines when they are on the network.
Those users can log on offline with cached credentials; I think the limit is 25 for Win7, you may increase that.
As suggested by Mike, MS DirectAccess is also a good option if your company policy allows that.

Also, you may deploy some kind of Network Access Protection (NAP) / NAC solution in your network so that before those machines connect to the network through VPN they must prove their eligibility, such as updated AV definitions, Windows updates, etc.
Microsoft provides NAP functionality with VPN, or you can check 3rd-party VPN NAP vendors to do that.

Mahesh
 

Author Comment

by:truth_talker
ID: 39757833
I guess I was hoping for something simple, but I don't think it is going to be.

My problem with the VPN is training end users, and also the VPN wouldn't be enabled on startup, so synchronizing group policies may be difficult. Also, if a computer is out in the field and then handed to a new employee, the new employee wouldn't be able to sign in until they came to the office.

The issue is some computers are so far away, this isn't possible. The laptop literally may never come into the office except for the initial setup.

Intune might be the way I have to go; DirectAccess looks like it may be too much setup.