Solved

how to manage mobile users, members of domain?

Posted on 2014-12-01
6
93 Views
Last Modified: 2014-12-06
Hello all! I would like to ask someone with experience, how to manage mobile users.

I am managing a company, where I have 3 users that are mostly mobile. They do come in company sometimes, but that is reasonably rare. Now, should I add them to domain at all? how should I manage their status to keep everything robust?

The server is 2012 R2 with AD and TS there.


Thanks!
0
Comment
Question by:mrmut
  • 3
  • 2
6 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40473824
There are few points to keep in mind deciding on how to handle this situation:

1. Do users need connectivity to business systems?
2. Is your email hosted internally and they use same account for logging on PC (most likely user accounts are configured so that password never expires)
3. How do you manage end-point security policies (i.e. anti-virus, firewall, etc.)
4. Information security (i.e. if user is terminated, how can you ensure to remove their access from proprietary information (i.e. on the local computer)

If above concerns do apply to your situation then my recommendation would be implement something like Home-Office router or Microsoft Direct Access (included with Windows Server 2012).

Home-Office routers can maintain VPN connection to the corporation and user logs on their PCs just as they would at the office.  This will ensure end-point policies can apply (i.e. password expiration, anti-virus updates, Group Policies, etc.).

Direct Access does the same and even better.  As soon as user turns on PC and if there is Internet connectivity, tunnel is established to corporate infrastructure.  This will ensure that user logons are authenticated against DC, etc. and if an account is terminated, the affected user will not be able to logon to the PC.
0
 

Author Comment

by:mrmut
ID: 40474589
Hello, thank you for a great overview!

To answer to your questions:

1. Do users need connectivity to business systems?

There is a accounting program that depends on flat-file database, and we use terminal services for that.

2. Is your email hosted internally and they use same account for logging on PC (most likely user accounts are configured so that password never expires)

No, we use external cloud email service.

3. How do you manage end-point security policies (i.e. anti-virus, firewall, etc.)

We have an internal antivirus update and management server application, and firewalls are not specifically configured, except if need to do that occurs.

4. Information security (i.e. if user is terminated, how can you ensure to remove their access from proprietary information (i.e. on the local computer)

Good question. I think that this is not critical issue. Main system is on local network, including accounting data. Apart from that, company is small and well managed, so there is no real danger from this direction.

Regarding Direct Access option; I do like that, but how does it work? We have a Dynamic DNS service; would these two work together?
0
 
LVL 25

Accepted Solution

by:
Mohammed Khawaja earned 500 total points
ID: 40475177
Refer to following link for Direct Access information from Microsoft TechNote:

http://blogs.technet.com/b/meamcs/archive/tags/direct+access/default.aspx
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 19

Expert Comment

by:compdigit44
ID: 40477390
I work for a larger company and what we do for our remote users is remote desktops / VDI's using Citrix but Microsoft has there own twist on this as well.

This way the user can connect from any device with a supported web browser with the installed plug-in
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 40477412
I have never tried it but Azure has a remoteapp offering...

http://www.microsoft.com/en-us/server-cloud/products/virtual-desktop-infrastructure/
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 500 total points
ID: 40477701
Citrix XenApp runs on top of Windows OS with Remote Desktop Services running as well as Citrix also has VDI solution but they are for large organizations with deep pockets.  Azure is only good if you are going to be running your applications on Azure and if you do not use Azure as your infrastructure then it is not going to work.  You will either need VPN access or some sort of access to access your applications.  You could have your applications accessible over the Internet without VPN access but I would caution against that unless you have good security.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In-place Upgrading Dirsync to Azure AD Connect
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question