Solved

How to manage mobile users, members of domain?

Posted on 2014-12-01
Last Modified: 2014-12-06
Hello all! I would like to ask someone with experience how to manage mobile users.

I am managing a company where I have 3 users that are mostly mobile. They do come into the company sometimes, but that is reasonably rare. Now, should I add them to the domain at all? How should I manage their status to keep everything robust?

The server is 2012 R2 with AD and TS there.


Thanks!
Question by:mrmut
6 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40473824
There are a few points to keep in mind when deciding how to handle this situation:

1. Do users need connectivity to business systems?
2. Is your email hosted internally, and do they use the same account for logging on to the PC (most likely user accounts are configured so that the password never expires)?
3. How do you manage end-point security policies (i.e. anti-virus, firewall, etc.)?
4. Information security (i.e. if a user is terminated, how can you ensure you remove their access to proprietary information, i.e. on the local computer?)

If the above concerns do apply to your situation, then my recommendation would be to implement something like a Home-Office router or Microsoft Direct Access (included with Windows Server 2012).

Home-Office routers can maintain a VPN connection to the corporation, and users log on to their PCs just as they would at the office.  This will ensure end-point policies can apply (i.e. password expiration, anti-virus updates, Group Policies, etc.).

Direct Access does the same and even better.  As soon as the user turns on the PC, and if there is Internet connectivity, a tunnel is established to the corporate infrastructure.  This will ensure that user logons are authenticated against the DC, etc., and if an account is terminated, the affected user will not be able to log on to the PC.
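An added example, not part of the thread, of checking the account-side concerns in points 2 and 4 above: it flags accounts whose password never expires, accounts that have not authenticated against a DC recently, and disabled accounts whose laptop should be checked. The function name `Test-MobileAccount`, the 30-day threshold and the sample account names are assumptions made for illustration.

```powershell
# Added example, not from the thread. Account names and thresholds are constructed.
function Test-MobileAccount {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [int] $StaleDays = 30,            # assumed threshold, tune to your policy
        [datetime] $Now = (Get-Date)
    )
    process {
        $findings = @()
        # Point 2: accounts exempted from password expiration.
        if ($Account.PasswordNeverExpires) {
            $findings += 'password never expires'
        }
        # LastLogonDate comes from lastLogonTimestamp, which can lag by about
        # two weeks, so keep $StaleDays well above that.
        if (-not $Account.LastLogonDate) {
            $findings += 'no logon recorded by a DC'
        } elseif ($Account.LastLogonDate -lt $Now.AddDays(-$StaleDays)) {
            $findings += "no DC logon in the last $StaleDays days"
        }
        # Point 4: disabling the account in AD does not reach a laptop that
        # never contacts a DC; Windows can still accept cached credentials.
        if (-not $Account.Enabled) {
            $findings += 'disabled in AD, check the laptop for cached logon'
        }
        [pscustomobject]@{
            User     = $Account.SamAccountName
            Enabled  = $Account.Enabled
            Findings = $findings -join '; '
        }
    }
}

# Constructed records shaped like Get-ADUser output.
$now = Get-Date '2014-12-06'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'mobile1'; Enabled = $true;  PasswordNeverExpires = $true;  LastLogonDate = $now.AddDays(-75) }
    [pscustomobject]@{ SamAccountName = 'mobile2'; Enabled = $true;  PasswordNeverExpires = $false; LastLogonDate = $now.AddDays(-3) }
    [pscustomobject]@{ SamAccountName = 'mobile3'; Enabled = $false; PasswordNeverExpires = $false; LastLogonDate = $null }
)
$sample | Test-MobileAccount -Now $now | Format-Table -AutoSize

# Against a real domain (needs the ActiveDirectory module from RSAT):
# Get-ADUser -Filter * -Properties PasswordNeverExpires, LastLogonDate |
#     Test-MobileAccount
```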
 

Author Comment

by:mrmut
ID: 40474589
Hello, thank you for a great overview!

To answer your questions:

1. Do users need connectivity to business systems?

There is an accounting program that depends on a flat-file database, and we use terminal services for that.

2. Is your email hosted internally, and do they use the same account for logging on to the PC (most likely user accounts are configured so that the password never expires)?

No, we use an external cloud email service.

3. How do you manage end-point security policies (i.e. anti-virus, firewall, etc.)?

We have an internal antivirus update and management server application, and firewalls are not specifically configured, except when the need to do so arises.

4. Information security (i.e. if a user is terminated, how can you ensure you remove their access to proprietary information, i.e. on the local computer?)

Good question. I think that this is not a critical issue. The main system is on the local network, including accounting data. Apart from that, the company is small and well managed, so there is no real danger from this direction.

Regarding the Direct Access option: I do like that, but how does it work? We have a Dynamic DNS service; would these two work together?
 
LVL 25

Accepted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 500 total points
ID: 40475177
Refer to the following link for Direct Access information from Microsoft TechNet:

http://blogs.technet.com/b/meamcs/archive/tags/direct+access/default.aspx
LVL 20

Expert Comment

by:compdigit44
ID: 40477390
I work for a larger company, and what we do for our remote users is remote desktops / VDIs using Citrix, but Microsoft has their own twist on this as well.

This way the user can connect from any device with a supported web browser with the installed plug-in.
 
LVL 20

Expert Comment

by:compdigit44
ID: 40477412
I have never tried it, but Azure has a RemoteApp offering...

http://www.microsoft.com/en-us/server-cloud/products/virtual-desktop-infrastructure/
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 500 total points
ID: 40477701
Citrix XenApp runs on top of Windows OS with Remote Desktop Services running, and Citrix also has a VDI solution, but they are for large organizations with deep pockets.  Azure is only good if you are going to be running your applications on Azure; if you do not use Azure as your infrastructure, then it is not going to work.  You will need either VPN access or some other sort of access to reach your applications.  You could have your applications accessible over the Internet without VPN access, but I would caution against that unless you have good security.
Question has a verified solution.
