Guest UselessUser
Posted December 17, 2007

Hi all,

I got a new job, and it is vastly different to where I was before (Supporting users all in one building), here they have a large head office (600 users), with several 150+ small geographically distant sites, each containing from 3 to 10 PCs...

The way this has been managed is simple, HO uses group policies, domain logons etc, whereas all the branches have local user accounts, and use webmail or have Outlook configured to our Exchange in HO, and they map network drives manually...

I am not sure why it is like this, but obviously it is a pain in the a**e to manage... with any changes needing to be manually made to every computer in every site (Or using psexec etc hardly the best method)..

Anyways I am looking at changing this scenario, and wondered how people go about it. Their network connections all run back through to the HO so I was thinking of joining them all to the domain, and creating loads of sites in the AD sites msc for them, then just applying the relevant settings unique to each site in a GPO at the site level.. the important thing to note is that none of the sites have any servers (Must each site have a server? - I ask this as I note that the big thing with sites is they control AD replication...)

Basically is this a valid option? Also if their network connection goes down, I am assuming as long as cached logons are enabled they should be able to work (albeit locally)... (Can't have remote people being locked out entirely)...

I also assume that SMS is built for this kind of thing, but it's an expense I cannot yet justify (Next year's budget), if I do the thing mentioned above and create sites in AD Sites and Services, will SMS be able to use them and work with them (For example deploy Office 2007 in one site only, using BITS transport...)

Please help!

Guest Leythos
Posted December 17, 2007

Re: 1 large head office and lots of branches!

In article <004F5DA7-0968-4D1A-85B0-CC4407C62AC6@microsoft.com>, UselessUser@discussions.microsoft.com says...

> Anyways I am looking at changing this scenario, and wondered how people go about it. Their network connections all run back through to the HO so I was thinking of joining them all to the domain, and creating loads of sites in the AD sites msc for them, then just applying the relevant settings unique to each site in a GPO at the site level.. the important thing to note is that none of the sites have any servers (Must each site have a server? - I ask this as I note that the big thing with sites is they control AD replication...)

Start thinking Terminal Server for remote offices.

From the main firewall at the home office, install SOHO Firewall units for each branch office. Use the site/site VPNs to map network printers and such through the tunnels, they can also RDP into the home office terminal server this way.

Terminals cost under $400 each, meaning you save about $1000 for each one you implement, not to mention the IT/Maintenance cost decreases when moving to terminals.

This does not address your desire for different sites, but it does make things simple, easy, and no more corrupted files because of a bad internet connection.

--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Guest Anthony
Posted December 17, 2007

Re: 1 large head office and lots of branches!

You don't say why you are trying to change it. Is it to make it more convenient for you to manage? Is it to enable the users to do things they can't do at present?

Anthony, http://www.airdesk.com

"UselessUser" <UselessUser@discussions.microsoft.com> wrote in message news:004F5DA7-0968-4D1A-85B0-CC4407C62AC6@microsoft.com...

> Hi all,
>
> I got a new job, and it is vastly different to where I was before (Supporting users all in one building), here they have a large head office (600 users), with several 150+ small geographically distant sites, each containing from 3 to 10 PCs...
>
> The way this has been managed is simple, HO uses group policies, domain logons etc, whereas all the branches have local user accounts, and use webmail or have Outlook configured to our Exchange in HO, and they map network drives manually...
>
> I am not sure why it is like this, but obviously it is a pain in the a**e to manage... with any changes needing to be manually made to every computer in every site (Or using psexec etc hardly the best method)..
>
> Anyways I am looking at changing this scenario, and wondered how people go about it. Their network connections all run back through to the HO so I was thinking of joining them all to the domain, and creating loads of sites in the AD sites msc for them, then just applying the relevant settings unique to each site in a GPO at the site level.. the important thing to note is that none of the sites have any servers (Must each site have a server? - I ask this as I note that the big thing with sites is they control AD replication...)
>
> Basically is this a valid option? Also if their network connection goes down, I am assuming as long as cached logons are enabled they should be able to work (albeit locally)... (Can't have remote people being locked out entirely)...
>
> I also assume that SMS is built for this kind of thing, but it's an expense I cannot yet justify (Next year's budget), if I do the thing mentioned above and create sites in AD Sites and Services, will SMS be able to use them and work with them (For example deploy Office 2007 in one site only, using BITS transport...)
>
> Please help!

Guest UselessUser
Posted December 17, 2007

Re: 1 large head office and lots of branches!

Hi all thanks for replying,

Leythos, we have thought of this route, using either terminal services or Citrix, but both fail the requirement that if the network is down, it leaves the users completely stranded, at least with domain logins if the network goes down they can work locally on Word etc etc...

Anthony, that's a good question. Basically we have no control over the branch PCs at present and this concerns us primarily in two ways...

All branch Users are local admins (Basically made like that so they can do anything we request over the phone without having permission issues).. they of course start installing software without our consent (iTunes, DVD ripping software etc) which can screw up their business critical apps

Lack of ability to make changes quickly and easily... (A good example of this is that we recently needed to change a web based server application to a different address, the branch PCs have the old URL hard coded as a favourite in the Ghost image), whilst a URL redirect could also have fixed this, we were instructed by directors of the company, to change the favourite on every PC we own... this necessitated the IT Dept calling every branch to make the change. (There have been many instances of where small changes have had to be made, server share mapping changes etc)

Whilst they can currently perform all business functions with their existing setup, it is not manageable or scalable or future proof in any way, and that's what I am looking to do (As well as primarily take them out of admin groups) and start gaining back control of the desktops....

I appreciate your help but nobody has really answered me as to whether other people do this using the sites concept like I mentioned earlier??

"Anthony" wrote:

> You don't say why you are trying to change it. Is it to make it more convenient for you to manage? Is it to enable the users to do things they can't do at present?
>
> Anthony, http://www.airdesk.com
>
> "UselessUser" <UselessUser@discussions.microsoft.com> wrote in message news:004F5DA7-0968-4D1A-85B0-CC4407C62AC6@microsoft.com...
>
> > Hi all,
> >
> > I got a new job, and it is vastly different to where I was before (Supporting users all in one building), here they have a large head office (600 users), with several 150+ small geographically distant sites, each containing from 3 to 10 PCs...
> >
> > The way this has been managed is simple, HO uses group policies, domain logons etc, whereas all the branches have local user accounts, and use webmail or have Outlook configured to our Exchange in HO, and they map network drives manually...
> >
> > I am not sure why it is like this, but obviously it is a pain in the a**e to manage... with any changes needing to be manually made to every computer in every site (Or using psexec etc hardly the best method)..
> >
> > Anyways I am looking at changing this scenario, and wondered how people go about it. Their network connections all run back through to the HO so I was thinking of joining them all to the domain, and creating loads of sites in the AD sites msc for them, then just applying the relevant settings unique to each site in a GPO at the site level.. the important thing to note is that none of the sites have any servers (Must each site have a server? - I ask this as I note that the big thing with sites is they control AD replication...)
> >
> > Basically is this a valid option? Also if their network connection goes down, I am assuming as long as cached logons are enabled they should be able to work (albeit locally)... (Can't have remote people being locked out entirely)...
> >
> > I also assume that SMS is built for this kind of thing, but it's an expense I cannot yet justify (Next year's budget), if I do the thing mentioned above and create sites in AD Sites and Services, will SMS be able to use them and work with them (For example deploy Office 2007 in one site only, using BITS transport...)
> >
> > Please help!

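
The post above raises two things that can be checked on a branch PC: who is in the local Administrators group, and whether cached domain logons are enabled for working while the link to head office is down. The script below is an added example, not part of the original thread; it assumes Windows PowerShell 5.1 or later run elevated on the PC, and the allow-list names are constructed placeholders.

```powershell
# Added example: baseline one branch PC around a domain join.
# Run locally in an elevated Windows PowerShell 5.1+ session.

# Accounts expected in the local Administrators group after clean-up.
# Constructed placeholders; replace with your own names.
$ExpectedAdmins = @(
    "$env:COMPUTERNAME\Administrator",
    'EXAMPLE\Domain Admins'
)

function Get-BranchPcBaseline {
    param([string[]]$AllowedAdmins = $ExpectedAdmins)

    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators,
    # so the lookup does not depend on the language of the Windows image.
    $members    = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
    $unexpected = @($members | Where-Object { $AllowedAdmins -notcontains $_.Name })

    # CachedLogonsCount (REG_SZ) is the number of domain logons Windows caches
    # for use when no domain controller is reachable. "0" disables caching.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $cached   = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount `
                    -ErrorAction SilentlyContinue).CachedLogonsCount
    if ($null -eq $cached) { $cached = '10' }   # Windows default when the value is absent

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        DomainJoined      = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
        AdminCount        = $members.Count
        UnexpectedAdmins  = $unexpected.Name -join '; '
        CachedLogonsCount = [int]$cached
        OfflineLogonOk    = ([int]$cached -gt 0)
    }
}

Get-BranchPcBaseline | Format-List
```

A cached logon only exists for a user who has already logged on to that PC at least once while a domain controller was reachable, so `OfflineLogonOk` reports the setting, not that every branch user can log on offline.
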
Guest Leythos
Posted December 17, 2007

Re: 1 large head office and lots of branches!

In article <68987C23-0D16-4643-B1A0-10EADF544EFE@microsoft.com>, UselessUser@discussions.microsoft.com says...

> I appreciate your help but nobody has really answered me as to whether other people do this using the sites concept like I mentioned earlier

Maybe that's because those of us with setups like you describe would not attempt to do it your way. We would use terminal services and purchase quality internet connections for the locations.

When you're talking 3-10 PCs at a single location you're not talking enough for a server to make the management overhead viable.

Yes, they will be down if the Internet connection dies, but, Neoware has Linux terminals that provide a web browser, RD/Citrix client, and they are cheap, even support dual screens on some units.

With 150+ sites and only 600 users, you're already seeing the cost of managing users vs providing them the business service they need and limiting them to business.

Most of our clients have multiple offices, even in other countries, many have data entry done via off-shore units, all of them implemented terminal server solutions to maximize resources and lower down-time.

--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)