Guest Dave Cason Posted July 30, 2007 Posted July 30, 2007 Hi Everyone, Here's sort of odd basic question. I have SBS running with about 10 local clients and I now have 5 of them who are going to laptops. So sometimes they’re here and others they could be working from a hotel, etc. We run Exchange and File and Print services and that’s about it. What’s the best way for them to get in to the network? If I make them members as usual then when they go out they won’t be able to authenticate to the server when they want to work outside the office. - Should I make them all local accounts and have them work in a workgroup only to be able to get in and pull mail, etc? - Should I create two profiles on the laptops for when they are here and then when they are remote? - Would there be two or more profiles to use, should the laptop be a member of the domain? Is there a best practices way to have people on laptops? I myself don’t know …… Cheers’ Dave
Guest Robert L [MVP - Networking] Posted July 30, 2007 Posted July 30, 2007 Re: Sort of an odd question ...... desktop vs. laptops They can join the domain and logon using credentials when they are out of the office so that they have just one profile. Bob Lin, MS-MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message news:17AAF222-75CB-40B2-862E-4E7FD039F586@microsoft.com... Hi Everyone, Here's sort of odd basic question. I have SBS running with about 10 local clients and I now have 5 of them who are going to laptops. So sometimes they’re here and others they could be working from a hotel, etc. We run Exchange and File and Print services and that’s about it. What’s the best way for them to get in to the network? If I make them members as usual then when they go out they won’t be able to authenticate to the server when they want to work outside the office. - Should I make them all local accounts and have them work in a workgroup only to be able to get in and pull mail, etc? - Should I create two profiles on the laptops for when they are here and then when they are remote? - Would there be two or more profiles to use, should the laptop be a member of the domain? Is there a best practices way to have people on laptops? I myself don’t know …… Cheers’ Dave
Guest Dave Cason Posted July 30, 2007 Posted July 30, 2007 Re: Sort of an odd question ...... desktop vs. laptops Hi Rob, OK, so take the computer, JOIN the domain, and they'll get in when they have the right LoginName and Password and DOMAIN listed in the credentials but if they go mobile and the domain is not avial. and they have no local profile how can they login? Don't I have to create a local login profile on the laptop and that will let the user then pick the DOMAIN or LAPTOPNAME (this computer) to get in when they are away right? Will that create two profiles and desktops on the laptop or just one? BTW - thanks for the help, I know its a dumb question but I just want to know if I'm doing it the best way! Or there is a better way to do it that I've never tried.... Cheers' Dave "Robert L [MVP - Networking]" wrote: > They can join the domain and logon using credentials when they are out of the >office so that they have just one profile. > Bob Lin, MS-MVP, MCSE & CNE > "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message > Hi Everyone, > Here's sort of odd basic question. I have SBS running with about 10 local > clients and I now have 5 of them who are going to laptops. > So sometimes they’re here and others they could be working from a hotel, > etc. We run Exchange and File and Print services and > that’s about it. > What’s the best way for them to get in to the network? If I make them > members as usual then when they go out they won’t be able > to authenticate to the server when they want to work outside the office. > > - Should I make them all local accounts and have them work in a workgroup > only to be able to get in and pull mail, etc? > - Should I create two profiles on the laptops for when they are here and > then when they are remote? > - Would there be two or more profiles to use, should the laptop be a member > of the domain? > Is there a best practices way to have people on laptops? I myself don’t > know ……Cheers’Dave
Guest Danny Sanders Posted July 30, 2007 Posted July 30, 2007 Re: Sort of an odd question ...... desktop vs. laptops > OK, so take the computer, JOIN the domain, and they'll get in when they > have > the right LoginName and Password and DOMAIN listed in the credentials but > if > they go mobile and the domain is not avial. and they have no local profile > how can they login? They will use cached credentials. They just log into the laptop as if the domain were there. > Don't I have to create a local login profile on the laptop and that will > let > the user then pick the DOMAIN or LAPTOPNAME (this computer) to get in when > they are away right? Will that create two profiles and desktops on the > laptop or just one? No you don't have to. This would create another layer of administration. You can lock the laptop down using group policies from the domain. When they are on the road and they log in with their domain credentials, those group policies will be in effect. If they log in locally, you would have to create a local policy to lock down the laptop when they log in locally. You would have to do this per laptop. hth DDS "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message news:8E6F6900-6426-4A56-8581-6C17D5C9F662@microsoft.com... > Hi Rob, > > OK, so take the computer, JOIN the domain, and they'll get in when they > have > the right LoginName and Password and DOMAIN listed in the credentials but > if > they go mobile and the domain is not avial. and they have no local profile > how can they login? > > Don't I have to create a local login profile on the laptop and that will > let > the user then pick the DOMAIN or LAPTOPNAME (this computer) to get in when > they are away right? Will that create two profiles and desktops on the > laptop or just one? > > BTW - thanks for the help, I know its a dumb question but I just want to > know if I'm doing it the best way! Or there is a better way to do it that > I've never tried.... > > Cheers' > Dave > > > "Robert L [MVP - Networking]" wrote: >> They can join the domain and logon using credentials when they are out of >> the >office so that they have just one profile. >> Bob Lin, MS-MVP, MCSE & CNE > > >> "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message >> Hi Everyone, >> Here's sort of odd basic question. I have SBS running with about 10 >> local >> clients and I now have 5 of them who are going to laptops. >> So sometimes they're here and others they could be working from a >> hotel, >> etc. We run Exchange and File and Print services and >> that's about it. >> What's the best way for them to get in to the network? If I make them >> members as usual then when they go out they won't be able >> to authenticate to the server when they want to work outside the >> office. >> >> - Should I make them all local accounts and have them work in a >> workgroup >> only to be able to get in and pull mail, etc? >> - Should I create two profiles on the laptops for when they are here >> and >> then when they are remote? >> - Would there be two or more profiles to use, should the laptop be a >> member >> of the domain? >> Is there a best practices way to have people on laptops? I myself don't >> know ..Cheers'Dave
Guest Dave Cason Posted July 30, 2007 Posted July 30, 2007 Re: Sort of an odd question ...... desktop vs. laptops OK, so I can create each user on their new laptops just as if I have them always connected to the domain so if they disconnect from the network the PC will still let them log in. Correct? We also give them local admin right's for the machines becasue the boss wants them to have the abilbity to add / remove pgms from the laptop. (not my idea) Will that stay in the cached credentials? Also, there are no policys being pushed out to the laptops right now so how hard is it to create one? Do the laptops still join the domain, I would assume so? Cheers' Dave "Danny Sanders" wrote: > They will use cached credentials. They just log into the laptop as if the > domain were there. > > No you don't have to. This would create another layer of administration. You > can lock the laptop down using group policies from the domain. When they are > on the road and they log in with their domain credentials, those group > policies will be in effect. If they log in locally, you would have to create > a local policy to lock down the laptop when they log in locally. You would > have to do this per laptop. > hth > DDS > > "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message > news:8E6F6900-6426-4A56-8581-6C17D5C9F662@microsoft.com... > > Hi Rob, > > > > OK, so take the computer, JOIN the domain, and they'll get in when they > > have the right LoginName and Password and DOMAIN listed in the credentials > > but if they go mobile and the domain is not avial. and they have no local profile > > how can they login? Don't I have to create a local login profile on the laptop and > > that will let the user then pick the DOMAIN or LAPTOPNAME (this computer) to > > get in when they are away right? Will that create two profiles and desktops on > > the laptop or just one? > > > > "Robert L [MVP - Networking]" wrote: > >> They can join the domain and logon using credentials when they are out of > >> the >office so that they have just one profile. > >> Bob Lin, MS-MVP, MCSE & CNE > > > > > >> "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message > >> Hi Everyone, > >> Here's sort of odd basic question. I have SBS running with about 10 > >> local > >> clients and I now have 5 of them who are going to laptops. > >> So sometimes they're here and others they could be working from a > >> hotel, > >> etc. We run Exchange and File and Print services and > >> that's about it. > >> What's the best way for them to get in to the network? If I make them > >> members as usual then when they go out they won't be able > >> to authenticate to the server when they want to work outside the > >> office. > >> > >> - Should I make them all local accounts and have them work in a > >> workgroup > >> only to be able to get in and pull mail, etc? > >> - Should I create two profiles on the laptops for when they are here > >> and > >> then when they are remote? > >> - Would there be two or more profiles to use, should the laptop be a > >> member > >> of the domain? > >> Is there a best practices way to have people on laptops? I myself don't > >> know ..Cheers'Dave > > >
Guest Danny Sanders Posted July 30, 2007 Posted July 30, 2007 Re: Sort of an odd question ...... desktop vs. laptops > OK, so I can create each user on their new laptops just as if I have them > always connected to the domain so if they disconnect from the network the > PC > will still let them log in. Correct? Not totally following this question. Add the computer to the domain and let the user log onto the computer for the first time while it's connected to the domain. These credentials are now cached. Using the same username and password and logging onto the domain (select the domain from the dropdown list NOT "this computer") the user above will log on using cached credentials when the domain is not available. > We also give them local admin right's for the machines becasue the boss > wants them to have the abilbity to add / remove pgms from the laptop. (not > my > idea) > Will that stay in the cached credentials? There are domain accounts and there are local accounts. Domain accounts are controlled by the server, cached credentials come into play when logging on to the domain when the domain server (which controls the domain accounts) is not available. This is a local account controlled by the local computer. No need for cached credentials. The username and password for *local* accounts are stored on the local computer. You will *never* log into a local computer without the computer being available. > Also, there are no policys being pushed out to the laptops right now so > how > hard is it to create one? Do the laptops still join the domain, I would > assume so? See: http://support.microsoft.com/kb/818735/en-us and yes they have to be a member of the domain to push down group policies. "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message news:1294E15D-0790-49D6-B11B-357476FFAE88@microsoft.com... > OK, so I can create each user on their new laptops just as if I have them > always connected to the domain so if they disconnect from the network the > PC > will still let them log in. Correct? > > We also give them local admin right's for the machines becasue the boss > wants them to have the abilbity to add / remove pgms from the laptop. (not > my > idea) > Will that stay in the cached credentials? > > Also, there are no policys being pushed out to the laptops right now so > how > hard is it to create one? Do the laptops still join the domain, I would > assume so? > > Cheers' > Dave > > > "Danny Sanders" wrote: >> They will use cached credentials. They just log into the laptop as if the >> domain were there. >> >> No you don't have to. This would create another layer of administration. >> You >> can lock the laptop down using group policies from the domain. When they >> are >> on the road and they log in with their domain credentials, those group >> policies will be in effect. If they log in locally, you would have to >> create >> a local policy to lock down the laptop when they log in locally. You >> would >> have to do this per laptop. >> hth >> DDS >> >> "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message >> news:8E6F6900-6426-4A56-8581-6C17D5C9F662@microsoft.com... >> > Hi Rob, >> > >> > OK, so take the computer, JOIN the domain, and they'll get in when they >> > have the right LoginName and Password and DOMAIN listed in the >> > credentials >> > but if they go mobile and the domain is not avial. and they have no >> > local profile >> > how can they login? Don't I have to create a local login profile on the >> > laptop and > > that will let the user then pick the DOMAIN or >> > LAPTOPNAME (this computer) to > > get in when they are away right? >> > Will that create two profiles and desktops on > > the laptop or just >> > one? >> > >> > "Robert L [MVP - Networking]" wrote: >> >> They can join the domain and logon using credentials when they are out >> >> of >> >> the >office so that they have just one profile. >> >> Bob Lin, MS-MVP, MCSE & CNE >> > >> > >> >> "Dave Cason" <DaveCason@discussions.microsoft.com> wrote in message >> >> Hi Everyone, >> >> Here's sort of odd basic question. I have SBS running with about 10 >> >> local >> >> clients and I now have 5 of them who are going to laptops. >> >> So sometimes they're here and others they could be working from a >> >> hotel, >> >> etc. We run Exchange and File and Print services and >> >> that's about it. >> >> What's the best way for them to get in to the network? If I make >> >> them >> >> members as usual then when they go out they won't be able >> >> to authenticate to the server when they want to work outside the >> >> office. >> >> >> >> - Should I make them all local accounts and have them work in a >> >> workgroup >> >> only to be able to get in and pull mail, etc? >> >> - Should I create two profiles on the laptops for when they are here >> >> and >> >> then when they are remote? >> >> - Would there be two or more profiles to use, should the laptop be a >> >> member >> >> of the domain? >> >> Is there a best practices way to have people on laptops? I myself >> >> don't >> >> know ..Cheers'Dave >> >> >>
Recommended Posts