Solved

how to manage mobile users, members of domain?

Posted on 2014-12-01
6
91 Views
Last Modified: 2014-12-06
Hello all! I would like to ask someone with experience, how to manage mobile users.

I am managing a company, where I have 3 users that are mostly mobile. They do come in company sometimes, but that is reasonably rare. Now, should I add them to domain at all? how should I manage their status to keep everything robust?

The server is 2012 R2 with AD and TS there.


Thanks!
0
Comment
Question by:mrmut
  • 3
  • 2
6 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40473824
There are few points to keep in mind deciding on how to handle this situation:

1. Do users need connectivity to business systems?
2. Is your email hosted internally and they use same account for logging on PC (most likely user accounts are configured so that password never expires)
3. How do you manage end-point security policies (i.e. anti-virus, firewall, etc.)
4. Information security (i.e. if user is terminated, how can you ensure to remove their access from proprietary information (i.e. on the local computer)

If above concerns do apply to your situation then my recommendation would be implement something like Home-Office router or Microsoft Direct Access (included with Windows Server 2012).

Home-Office routers can maintain VPN connection to the corporation and user logs on their PCs just as they would at the office.  This will ensure end-point policies can apply (i.e. password expiration, anti-virus updates, Group Policies, etc.).

Direct Access does the same and even better.  As soon as user turns on PC and if there is Internet connectivity, tunnel is established to corporate infrastructure.  This will ensure that user logons are authenticated against DC, etc. and if an account is terminated, the affected user will not be able to logon to the PC.
0
 

Author Comment

by:mrmut
ID: 40474589
Hello, thank you for a great overview!

To answer to your questions:

1. Do users need connectivity to business systems?

There is a accounting program that depends on flat-file database, and we use terminal services for that.

2. Is your email hosted internally and they use same account for logging on PC (most likely user accounts are configured so that password never expires)

No, we use external cloud email service.

3. How do you manage end-point security policies (i.e. anti-virus, firewall, etc.)

We have an internal antivirus update and management server application, and firewalls are not specifically configured, except if need to do that occurs.

4. Information security (i.e. if user is terminated, how can you ensure to remove their access from proprietary information (i.e. on the local computer)

Good question. I think that this is not critical issue. Main system is on local network, including accounting data. Apart from that, company is small and well managed, so there is no real danger from this direction.

Regarding Direct Access option; I do like that, but how does it work? We have a Dynamic DNS service; would these two work together?
0
 
LVL 25

Accepted Solution

by:
Mohammed Khawaja earned 500 total points
ID: 40475177
Refer to following link for Direct Access information from Microsoft TechNote:

http://blogs.technet.com/b/meamcs/archive/tags/direct+access/default.aspx
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 19

Expert Comment

by:compdigit44
ID: 40477390
I work for a larger company and what we do for our remote users is remote desktops / VDI's using Citrix but Microsoft has there own twist on this as well.

This way the user can connect from any device with a supported web browser with the installed plug-in
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 40477412
I have never tried it but Azure has a remoteapp offering...

http://www.microsoft.com/en-us/server-cloud/products/virtual-desktop-infrastructure/
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 500 total points
ID: 40477701
Citrix XenApp runs on top of Windows OS with Remote Desktop Services running as well as Citrix also has VDI solution but they are for large organizations with deep pockets.  Azure is only good if you are going to be running your applications on Azure and if you do not use Azure as your infrastructure then it is not going to work.  You will either need VPN access or some sort of access to access your applications.  You could have your applications accessible over the Internet without VPN access but I would caution against that unless you have good security.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AD 20012 r2 / vmware horizon 6 37
MaxPosPhaseCorrection setting 3 21
Unable to join computer to Domain (unless I put DNS entry manually) 23 62
sql server service accounts 4 26
Synchronize a new Active Directory domain with an existing Office 365 tenant
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question