Sort of an odd question ...... desktop vs. laptops

[Guest Dave Cason]

Hi Everyone,

 

Here's sort of odd basic question. I have SBS running with about 10 local

clients and I now have 5 of them who are going to laptops.

So sometimes they’re here and others they could be working from a hotel,

etc. We run Exchange and File and Print services and

that’s about it.

 

What’s the best way for them to get in to the network? If I make them

members as usual then when they go out they won’t be able

to authenticate to the server when they want to work outside the office.

 

- Should I make them all local accounts and have them work in a workgroup

only to be able to get in and pull mail, etc?

- Should I create two profiles on the laptops for when they are here and

then when they are remote?

- Would there be two or more profiles to use, should the laptop be a member

of the domain?

 

Is there a best practices way to have people on laptops? I myself don’t

know ……

 

Cheers’

Dave

[Guest Robert L [MVP - Networking]]

Re: Sort of an odd question ...... desktop vs. laptops

 

They can join the domain and logon using credentials when they are out of the office so that they have just one profile.

 

Bob Lin, MS-MVP, MCSE & CNE

Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net

How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com

"Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message news:17AAF222-75CB-40B2-862E-4E7FD039F586@microsoft.com...

Hi Everyone,

 

Here's sort of odd basic question. I have SBS running with about 10 local

clients and I now have 5 of them who are going to laptops.

So sometimes they’re here and others they could be working from a hotel,

etc. We run Exchange and File and Print services and

that’s about it.

 

What’s the best way for them to get in to the network? If I make them

members as usual then when they go out they won’t be able

to authenticate to the server when they want to work outside the office.

 

- Should I make them all local accounts and have them work in a workgroup

only to be able to get in and pull mail, etc?

- Should I create two profiles on the laptops for when they are here and

then when they are remote?

- Would there be two or more profiles to use, should the laptop be a member

of the domain?

 

Is there a best practices way to have people on laptops? I myself don’t

know ……

 

Cheers’

Dave

[Guest Dave Cason]

Re: Sort of an odd question ...... desktop vs. laptops

 

Hi Rob,

 

OK, so take the computer, JOIN the domain, and they'll get in when they have

the right LoginName and Password and DOMAIN listed in the credentials but if

they go mobile and the domain is not avial. and they have no local profile

how can they login?

 

Don't I have to create a local login profile on the laptop and that will let

the user then pick the DOMAIN or LAPTOPNAME (this computer) to get in when

they are away right? Will that create two profiles and desktops on the

laptop or just one?

 

BTW - thanks for the help, I know its a dumb question but I just want to

know if I'm doing it the best way! Or there is a better way to do it that

I've never tried....

 

Cheers'

Dave

 

 

"Robert L [MVP - Networking]" wrote:

> They can join the domain and logon using credentials when they are out of the >office so that they have just one profile.

> Bob Lin, MS-MVP, MCSE & CNE

 

> "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message

> Hi Everyone,

> Here's sort of odd basic question. I have SBS running with about 10 local

> clients and I now have 5 of them who are going to laptops.

> So sometimes they’re here and others they could be working from a hotel,

> etc. We run Exchange and File and Print services and

> that’s about it.

> What’s the best way for them to get in to the network? If I make them

> members as usual then when they go out they won’t be able

> to authenticate to the server when they want to work outside the office.

>

> - Should I make them all local accounts and have them work in a workgroup

> only to be able to get in and pull mail, etc?

> - Should I create two profiles on the laptops for when they are here and

> then when they are remote?

> - Would there be two or more profiles to use, should the laptop be a member

> of the domain?

> Is there a best practices way to have people on laptops? I myself don’t

> know ……Cheers’Dave

[Guest Danny Sanders]

Re: Sort of an odd question ...... desktop vs. laptops

 

> OK, so take the computer, JOIN the domain, and they'll get in when they

> have

> the right LoginName and Password and DOMAIN listed in the credentials but

> if

> they go mobile and the domain is not avial. and they have no local profile

> how can they login?

 

 

They will use cached credentials. They just log into the laptop as if the

domain were there.

> Don't I have to create a local login profile on the laptop and that will

> let

> the user then pick the DOMAIN or LAPTOPNAME (this computer) to get in when

> they are away right? Will that create two profiles and desktops on the

> laptop or just one?

 

No you don't have to. This would create another layer of administration. You

can lock the laptop down using group policies from the domain. When they are

on the road and they log in with their domain credentials, those group

policies will be in effect. If they log in locally, you would have to create

a local policy to lock down the laptop when they log in locally. You would

have to do this per laptop.

 

hth

DDS

 

"Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message

news:8E6F6900-6426-4A56-8581-6C17D5C9F662@microsoft.com...

> Hi Rob,

>

> OK, so take the computer, JOIN the domain, and they'll get in when they

> have

> the right LoginName and Password and DOMAIN listed in the credentials but

> if

> they go mobile and the domain is not avial. and they have no local profile

> how can they login?

>

> Don't I have to create a local login profile on the laptop and that will

> let

> the user then pick the DOMAIN or LAPTOPNAME (this computer) to get in when

> they are away right? Will that create two profiles and desktops on the

> laptop or just one?

>

> BTW - thanks for the help, I know its a dumb question but I just want to

> know if I'm doing it the best way! Or there is a better way to do it that

> I've never tried....

>

> Cheers'

> Dave

>

>

> "Robert L [MVP - Networking]" wrote:

>> They can join the domain and logon using credentials when they are out of

>> the >office so that they have just one profile.

>> Bob Lin, MS-MVP, MCSE & CNE

>

>

>> "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message

>> Hi Everyone,

>> Here's sort of odd basic question. I have SBS running with about 10

>> local

>> clients and I now have 5 of them who are going to laptops.

>> So sometimes they're here and others they could be working from a

>> hotel,

>> etc. We run Exchange and File and Print services and

>> that's about it.

>> What's the best way for them to get in to the network? If I make them

>> members as usual then when they go out they won't be able

>> to authenticate to the server when they want to work outside the

>> office.

>>

>> - Should I make them all local accounts and have them work in a

>> workgroup

>> only to be able to get in and pull mail, etc?

>> - Should I create two profiles on the laptops for when they are here

>> and

>> then when they are remote?

>> - Would there be two or more profiles to use, should the laptop be a

>> member

>> of the domain?

>> Is there a best practices way to have people on laptops? I myself don't

>> know ..Cheers'Dave

[Guest Dave Cason]

Re: Sort of an odd question ...... desktop vs. laptops

 

OK, so I can create each user on their new laptops just as if I have them

always connected to the domain so if they disconnect from the network the PC

will still let them log in. Correct?

 

We also give them local admin right's for the machines becasue the boss

wants them to have the abilbity to add / remove pgms from the laptop. (not my

idea)

Will that stay in the cached credentials?

 

Also, there are no policys being pushed out to the laptops right now so how

hard is it to create one? Do the laptops still join the domain, I would

assume so?

 

Cheers'

Dave

 

 

"Danny Sanders" wrote:

> They will use cached credentials. They just log into the laptop as if the

> domain were there.

>

> No you don't have to. This would create another layer of administration. You

> can lock the laptop down using group policies from the domain. When they are

> on the road and they log in with their domain credentials, those group

> policies will be in effect. If they log in locally, you would have to create

> a local policy to lock down the laptop when they log in locally. You would

> have to do this per laptop.

> hth

> DDS

>

> "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message

> news:8E6F6900-6426-4A56-8581-6C17D5C9F662@microsoft.com...

> > Hi Rob,

> >

> > OK, so take the computer, JOIN the domain, and they'll get in when they

> > have the right LoginName and Password and DOMAIN listed in the credentials

> > but if they go mobile and the domain is not avial. and they have no local profile

> > how can they login? Don't I have to create a local login profile on the laptop and > > that will let the user then pick the DOMAIN or LAPTOPNAME (this computer) to > > get in when they are away right? Will that create two profiles and desktops on > > the laptop or just one?

> >

> > "Robert L [MVP - Networking]" wrote:

> >> They can join the domain and logon using credentials when they are out of

> >> the >office so that they have just one profile.

> >> Bob Lin, MS-MVP, MCSE & CNE

> >

> >

> >> "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message

> >> Hi Everyone,

> >> Here's sort of odd basic question. I have SBS running with about 10

> >> local

> >> clients and I now have 5 of them who are going to laptops.

> >> So sometimes they're here and others they could be working from a

> >> hotel,

> >> etc. We run Exchange and File and Print services and

> >> that's about it.

> >> What's the best way for them to get in to the network? If I make them

> >> members as usual then when they go out they won't be able

> >> to authenticate to the server when they want to work outside the

> >> office.

> >>

> >> - Should I make them all local accounts and have them work in a

> >> workgroup

> >> only to be able to get in and pull mail, etc?

> >> - Should I create two profiles on the laptops for when they are here

> >> and

> >> then when they are remote?

> >> - Would there be two or more profiles to use, should the laptop be a

> >> member

> >> of the domain?

> >> Is there a best practices way to have people on laptops? I myself don't

> >> know ..Cheers'Dave

>

>

>

[Guest Danny Sanders]

Re: Sort of an odd question ...... desktop vs. laptops

 

> OK, so I can create each user on their new laptops just as if I have them

> always connected to the domain so if they disconnect from the network the

> PC

> will still let them log in. Correct?

 

Not totally following this question. Add the computer to the domain and let

the user log onto the computer for the first time while it's connected to

the domain.

These credentials are now cached.

Using the same username and password and logging onto the domain (select the

domain from the dropdown list NOT "this computer") the user above will log

on using cached credentials when the domain is not available.

> We also give them local admin right's for the machines becasue the boss

> wants them to have the abilbity to add / remove pgms from the laptop. (not

> my

> idea)

> Will that stay in the cached credentials?

 

There are domain accounts and there are local accounts. Domain accounts are

controlled by the server, cached credentials come into play when logging on

to the domain when the domain server (which controls the domain accounts) is

not available.

This is a local account controlled by the local computer. No need for cached

credentials. The username and password for *local* accounts are stored on

the local computer. You will *never* log into a local computer without the

computer being available.

 

> Also, there are no policys being pushed out to the laptops right now so

> how

> hard is it to create one? Do the laptops still join the domain, I would

> assume so?

 

See:

http://support.microsoft.com/kb/818735/en-us

 

and yes they have to be a member of the domain to push down group policies.

"Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message

news:1294E15D-0790-49D6-B11B-357476FFAE88@microsoft.com...

> OK, so I can create each user on their new laptops just as if I have them

> always connected to the domain so if they disconnect from the network the

> PC

> will still let them log in. Correct?

>

> We also give them local admin right's for the machines becasue the boss

> wants them to have the abilbity to add / remove pgms from the laptop. (not

> my

> idea)

> Will that stay in the cached credentials?

>

> Also, there are no policys being pushed out to the laptops right now so

> how

> hard is it to create one? Do the laptops still join the domain, I would

> assume so?

>

> Cheers'

> Dave

>

>

> "Danny Sanders" wrote:

>> They will use cached credentials. They just log into the laptop as if the

>> domain were there.

>>

>> No you don't have to. This would create another layer of administration.

>> You

>> can lock the laptop down using group policies from the domain. When they

>> are

>> on the road and they log in with their domain credentials, those group

>> policies will be in effect. If they log in locally, you would have to

>> create

>> a local policy to lock down the laptop when they log in locally. You

>> would

>> have to do this per laptop.

>> hth

>> DDS

>>

>> "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message

>> news:8E6F6900-6426-4A56-8581-6C17D5C9F662@microsoft.com...

>> > Hi Rob,

>> >

>> > OK, so take the computer, JOIN the domain, and they'll get in when they

>> > have the right LoginName and Password and DOMAIN listed in the

>> > credentials

>> > but if they go mobile and the domain is not avial. and they have no

>> > local profile

>> > how can they login? Don't I have to create a local login profile on the

>> > laptop and > > that will let the user then pick the DOMAIN or

>> > LAPTOPNAME (this computer) to > > get in when they are away right?

>> > Will that create two profiles and desktops on > > the laptop or just

>> > one?

>> >

>> > "Robert L [MVP - Networking]" wrote:

>> >> They can join the domain and logon using credentials when they are out

>> >> of

>> >> the >office so that they have just one profile.

>> >> Bob Lin, MS-MVP, MCSE & CNE

>> >

>> >

>> >> "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message

>> >> Hi Everyone,

>> >> Here's sort of odd basic question. I have SBS running with about 10

>> >> local

>> >> clients and I now have 5 of them who are going to laptops.

>> >> So sometimes they're here and others they could be working from a

>> >> hotel,

>> >> etc. We run Exchange and File and Print services and

>> >> that's about it.

>> >> What's the best way for them to get in to the network? If I make

>> >> them

>> >> members as usual then when they go out they won't be able

>> >> to authenticate to the server when they want to work outside the

>> >> office.

>> >>

>> >> - Should I make them all local accounts and have them work in a

>> >> workgroup

>> >> only to be able to get in and pull mail, etc?

>> >> - Should I create two profiles on the laptops for when they are here

>> >> and

>> >> then when they are remote?

>> >> - Would there be two or more profiles to use, should the laptop be a

>> >> member

>> >> of the domain?

>> >> Is there a best practices way to have people on laptops? I myself

>> >> don't

>> >> know ..Cheers'Dave

>>

>>

>>