Solved

how to manage mobile users, members of domain?

Posted on 2014-12-01
6
86 Views
Last Modified: 2014-12-06
Hello all! I would like to ask someone with experience, how to manage mobile users.

I am managing a company, where I have 3 users that are mostly mobile. They do come in company sometimes, but that is reasonably rare. Now, should I add them to domain at all? how should I manage their status to keep everything robust?

The server is 2012 R2 with AD and TS there.


Thanks!
0
Comment
Question by:mrmut
  • 3
  • 2
6 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40473824
There are few points to keep in mind deciding on how to handle this situation:

1. Do users need connectivity to business systems?
2. Is your email hosted internally and they use same account for logging on PC (most likely user accounts are configured so that password never expires)
3. How do you manage end-point security policies (i.e. anti-virus, firewall, etc.)
4. Information security (i.e. if user is terminated, how can you ensure to remove their access from proprietary information (i.e. on the local computer)

If above concerns do apply to your situation then my recommendation would be implement something like Home-Office router or Microsoft Direct Access (included with Windows Server 2012).

Home-Office routers can maintain VPN connection to the corporation and user logs on their PCs just as they would at the office.  This will ensure end-point policies can apply (i.e. password expiration, anti-virus updates, Group Policies, etc.).

Direct Access does the same and even better.  As soon as user turns on PC and if there is Internet connectivity, tunnel is established to corporate infrastructure.  This will ensure that user logons are authenticated against DC, etc. and if an account is terminated, the affected user will not be able to logon to the PC.
0
 

Author Comment

by:mrmut
ID: 40474589
Hello, thank you for a great overview!

To answer to your questions:

1. Do users need connectivity to business systems?

There is a accounting program that depends on flat-file database, and we use terminal services for that.

2. Is your email hosted internally and they use same account for logging on PC (most likely user accounts are configured so that password never expires)

No, we use external cloud email service.

3. How do you manage end-point security policies (i.e. anti-virus, firewall, etc.)

We have an internal antivirus update and management server application, and firewalls are not specifically configured, except if need to do that occurs.

4. Information security (i.e. if user is terminated, how can you ensure to remove their access from proprietary information (i.e. on the local computer)

Good question. I think that this is not critical issue. Main system is on local network, including accounting data. Apart from that, company is small and well managed, so there is no real danger from this direction.

Regarding Direct Access option; I do like that, but how does it work? We have a Dynamic DNS service; would these two work together?
0
 
LVL 25

Accepted Solution

by:
Mohammed Khawaja earned 500 total points
ID: 40475177
Refer to following link for Direct Access information from Microsoft TechNote:

http://blogs.technet.com/b/meamcs/archive/tags/direct+access/default.aspx
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 19

Expert Comment

by:compdigit44
ID: 40477390
I work for a larger company and what we do for our remote users is remote desktops / VDI's using Citrix but Microsoft has there own twist on this as well.

This way the user can connect from any device with a supported web browser with the installed plug-in
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 40477412
I have never tried it but Azure has a remoteapp offering...

http://www.microsoft.com/en-us/server-cloud/products/virtual-desktop-infrastructure/
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 500 total points
ID: 40477701
Citrix XenApp runs on top of Windows OS with Remote Desktop Services running as well as Citrix also has VDI solution but they are for large organizations with deep pockets.  Azure is only good if you are going to be running your applications on Azure and if you do not use Azure as your infrastructure then it is not going to work.  You will either need VPN access or some sort of access to access your applications.  You could have your applications accessible over the Internet without VPN access but I would caution against that unless you have good security.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now