Solved

how to manage mobile users, members of domain?

Posted on 2014-12-01
Last Modified: 2014-12-06
Hello all! I would like to ask someone with experience, how to manage mobile users.

I am managing a company where I have 3 users that are mostly mobile. They do come in to the company sometimes, but that is reasonably rare. Now, should I add them to the domain at all? How should I manage their status to keep everything robust?

The server is 2012 R2 with AD and TS there.


Thanks!
Question by:mrmut
6 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40473824
There are a few points to keep in mind when deciding how to handle this situation:

1. Do users need connectivity to business systems?
2. Is your email hosted internally, and do they use the same account for logging on to the PC (most likely user accounts are configured so that the password never expires)?
3. How do you manage end-point security policies (i.e. anti-virus, firewall, etc.)?
4. Information security (i.e. if a user is terminated, how can you ensure to remove their access from proprietary information (i.e. on the local computer))?

If the above concerns do apply to your situation, then my recommendation would be to implement something like a Home-Office router or Microsoft Direct Access (included with Windows Server 2012).

Home-Office routers can maintain a VPN connection to the corporation, and users log on to their PCs just as they would at the office.  This will ensure end-point policies can apply (i.e. password expiration, anti-virus updates, Group Policies, etc.).

Direct Access does the same and even better.  As soon as the user turns on the PC, and if there is Internet connectivity, a tunnel is established to the corporate infrastructure.  This will ensure that user logons are authenticated against the DC, etc., and if an account is terminated, the affected user will not be able to log on to the PC.
0
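An added example, not part of the answer above: a PowerShell check for two of the conditions it raises for roaming laptops, namely accounts whose password never expires and machines that have not contacted a domain controller recently. The function name `Get-RoamingRisk`, the 30-day threshold, and the sample accounts and computers are assumptions made for illustration.

```powershell
# Added example, not from the thread. Flags enabled users whose password never
# expires and computers that have not contacted a domain controller recently.
function Get-RoamingRisk {
    param(
        [Parameter(Mandatory)] [object[]] $Users,      # needs SamAccountName, Enabled, PasswordNeverExpires
        [Parameter(Mandatory)] [object[]] $Computers,  # needs Name, LastLogonDate
        [int] $MaxDaysOffline = 30,                    # assumed threshold, tune to your policy
        [datetime] $Now = (Get-Date)
    )
    foreach ($u in $Users) {
        if ($u.Enabled -and $u.PasswordNeverExpires) {
            [pscustomobject]@{ Kind = 'User'; Name = $u.SamAccountName; Finding = 'Password never expires' }
        }
    }
    foreach ($c in $Computers) {
        if ($null -eq $c.LastLogonDate) {
            [pscustomobject]@{ Kind = 'Computer'; Name = $c.Name; Finding = 'No domain logon recorded' }
            continue
        }
        # LastLogonDate is replicated lazily and can lag by up to about 14 days.
        $days = [int]($Now - $c.LastLogonDate).TotalDays
        if ($days -gt $MaxDaysOffline) {
            [pscustomobject]@{ Kind = 'Computer'; Name = $c.Name; Finding = "No DC contact for $days days" }
        }
    }
}

# Constructed sample data (hypothetical names) so the function runs without a domain.
$now = [datetime]'2014-12-06'
$users = @(
    [pscustomobject]@{ SamAccountName = 'mobile1'; Enabled = $true;  PasswordNeverExpires = $true  }
    [pscustomobject]@{ SamAccountName = 'mobile2'; Enabled = $true;  PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'former1'; Enabled = $false; PasswordNeverExpires = $true  }
)
$computers = @(
    [pscustomobject]@{ Name = 'LAPTOP-A'; LastLogonDate = $now.AddDays(-3)  }
    [pscustomobject]@{ Name = 'LAPTOP-B'; LastLogonDate = $now.AddDays(-75) }
    [pscustomobject]@{ Name = 'LAPTOP-C'; LastLogonDate = $null }
)
Get-RoamingRisk -Users $users -Computers $computers -Now $now | Format-Table -AutoSize

# Against a live domain (ActiveDirectory module from RSAT):
#   $users     = Get-ADUser     -Filter * -Properties PasswordNeverExpires
#   $computers = Get-ADComputer -Filter * -Properties LastLogonDate
```

With the sample data this reports `mobile1`, `LAPTOP-B` and `LAPTOP-C`; the disabled account is skipped because it can no longer log on to the domain.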
 

Author Comment

by:mrmut
ID: 40474589
Hello, thank you for a great overview!

To answer your questions:

1. Do users need connectivity to business systems?

There is an accounting program that depends on a flat-file database, and we use terminal services for that.

2. Is your email hosted internally and they use same account for logging on PC (most likely user accounts are configured so that password never expires)

No, we use an external cloud email service.

3. How do you manage end-point security policies (i.e. anti-virus, firewall, etc.)

We have an internal antivirus update and management server application, and firewalls are not specifically configured, except if the need to do that occurs.

4. Information security (i.e. if user is terminated, how can you ensure to remove their access from proprietary information (i.e. on the local computer)

Good question. I think that this is not a critical issue. The main system is on the local network, including accounting data. Apart from that, the company is small and well managed, so there is no real danger from this direction.

Regarding the Direct Access option: I do like that, but how does it work? We have a Dynamic DNS service; would these two work together?
0
 
LVL 25

Accepted Solution

by:
Mohammed Khawaja earned 500 total points
ID: 40475177
Refer to the following link for Direct Access information from Microsoft TechNet:

http://blogs.technet.com/b/meamcs/archive/tags/direct+access/default.aspx
0

 
LVL 20

Expert Comment

by:compdigit44
ID: 40477390
I work for a larger company, and what we do for our remote users is remote desktops / VDIs using Citrix, but Microsoft has their own twist on this as well.

This way the user can connect from any device with a supported web browser with the installed plug-in.
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 40477412
I have never tried it, but Azure has a RemoteApp offering...

http://www.microsoft.com/en-us/server-cloud/products/virtual-desktop-infrastructure/
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 500 total points
ID: 40477701
Citrix XenApp runs on top of the Windows OS with Remote Desktop Services running, and Citrix also has a VDI solution, but they are for large organizations with deep pockets.  Azure is only good if you are going to be running your applications on Azure, and if you do not use Azure as your infrastructure then it is not going to work.  You will either need VPN access or some sort of access to access your applications.  You could have your applications accessible over the Internet without VPN access, but I would caution against that unless you have good security.
0
