Windows 2003 Sort of an odd question ...... desktop vs. laptops


Dave Cason

Hi Everyone,

Here's sort of an odd basic question. I have SBS running with about 10 local
clients and I now have 5 of them who are going to laptops.
So sometimes they’re here and others they could be working from a hotel,
etc. We run Exchange and File and Print services and
that’s about it.

What’s the best way for them to get in to the network? If I make them
members as usual then when they go out they won’t be able
to authenticate to the server when they want to work outside the office.

- Should I make them all local accounts and have them work in a workgroup
only to be able to get in and pull mail, etc?
- Should I create two profiles on the laptops for when they are here and
then when they are remote?
- Would there be two or more profiles to use, should the laptop be a member
of the domain?

Is there a best practices way to have people on laptops? I myself don’t
know ……

Cheers’
Dave
 
They can join the domain and logon using credentials when they are out of the office so that they have just one profile.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
Hi Rob,

OK, so take the computer, JOIN the domain, and they'll get in when they have
the right LoginName and Password and DOMAIN listed in the credentials but if
they go mobile and the domain is not avail. and they have no local profile
how can they login?

Don't I have to create a local login profile on the laptop and that will let
the user then pick the DOMAIN or LAPTOPNAME (this computer) to get in when
they are away right? Will that create two profiles and desktops on the
laptop or just one?

BTW - thanks for the help, I know it's a dumb question but I just want to
know if I'm doing it the best way! Or there is a better way to do it that
I've never tried....

Cheers'
Dave


"Robert L [MVP - Networking]" wrote:
> They can join the domain and logon using credentials when they are out of the office so that they have just one profile.
> Bob Lin, MS-MVP, MCSE & CNE
 
> OK, so take the computer, JOIN the domain, and they'll get in when they have
> the right LoginName and Password and DOMAIN listed in the credentials but if
> they go mobile and the domain is not avail. and they have no local profile
> how can they login?



They will use cached credentials. They just log into the laptop as if the
domain were there.

> Don't I have to create a local login profile on the laptop and that will let
> the user then pick the DOMAIN or LAPTOPNAME (this computer) to get in when
> they are away right? Will that create two profiles and desktops on the
> laptop or just one?


No, you don't have to. This would create another layer of administration. You
can lock the laptop down using group policies from the domain. When they are
on the road and they log in with their domain credentials, those group
policies will be in effect. If they log in locally, you would have to create
a local policy to lock down the laptop when they log in locally. You would
have to do this per laptop.

hth
DDS
 
OK, so I can create each user on their new laptops just as if I have them
always connected to the domain so if they disconnect from the network the PC
will still let them log in. Correct?

We also give them local admin rights for the machines because the boss
wants them to have the ability to add / remove pgms from the laptop. (not my
idea)
Will that stay in the cached credentials?

Also, there are no policies being pushed out to the laptops right now so how
hard is it to create one? Do the laptops still join the domain, I would
assume so?

Cheers'
Dave


"Danny Sanders" wrote:
> They will use cached credentials. They just log into the laptop as if the
> domain were there.
>
> No you don't have to. This would create another layer of administration. You
> can lock the laptop down using group policies from the domain. When they are
> on the road and they log in with their domain credentials, those group
> policies will be in effect. If they log in locally, you would have to create
> a local policy to lock down the laptop when they log in locally. You would
> have to do this per laptop.
> hth
> DDS
 
> OK, so I can create each user on their new laptops just as if I have them
> always connected to the domain so if they disconnect from the network the PC
> will still let them log in. Correct?


Not totally following this question. Add the computer to the domain and let
the user log onto the computer for the first time while it's connected to
the domain.
These credentials are now cached.
Using the same username and password and logging onto the domain (select the
domain from the dropdown list NOT "this computer") the user above will log
on using cached credentials when the domain is not available.

> We also give them local admin rights for the machines because the boss
> wants them to have the ability to add / remove pgms from the laptop. (not my
> idea)
> Will that stay in the cached credentials?


There are domain accounts and there are local accounts. Domain accounts are
controlled by the server, cached credentials come into play when logging on
to the domain when the domain server (which controls the domain accounts) is
not available.
This is a local account controlled by the local computer. No need for cached
credentials. The username and password for *local* accounts are stored on
the local computer. You will *never* log into a local computer without the
computer being available.


> Also, there are no policies being pushed out to the laptops right now so how
> hard is it to create one? Do the laptops still join the domain, I would
> assume so?


See:
http://support.microsoft.com/kb/818735/en-us

and yes they have to be a member of the domain to push down group policies.
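An added example, not part of the original thread: a PowerShell check an administrator could run on each laptop before it leaves the office, covering the points discussed above (domain membership, cached logons, a prior logon by the user, and who holds local admin rights). It assumes a current Windows client with PowerShell 5.1 or later, which postdates this thread, and `EXAMPLE\jsmith` is a hypothetical placeholder account.

```powershell
# Added example: readiness check for a domain-joined laptop before it leaves the office.
# Run in an elevated PowerShell 5.1+ session on the laptop.
param(
    # Hypothetical placeholder account; replace with the roaming user's DOMAIN\name.
    [string]$DomainUser = 'EXAMPLE\jsmith'
)

$report = [ordered]@{}

# 1. Domain membership: needed for domain logon and for Group Policy to apply.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$report.DomainJoined = $cs.PartOfDomain
$report.Domain       = $cs.Domain

# 2. CachedLogonsCount: how many users' domain logons are cached for offline use.
#    A value of 0 disables cached logons, so offline domain logon would fail.
#    A missing value is treated here as "Windows default applies" (enabled).
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$count = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount -ErrorAction SilentlyContinue).CachedLogonsCount
$report.CachedLogonsCount   = if ($null -eq $count) { 'not set' } else { $count }
$report.CachedLogonsEnabled = ($null -eq $count) -or ([int]$count -gt 0)

# 3. Has the user logged on here at least once? A local profile for the account's
#    SID shows an earlier interactive logon, which is when the credentials get cached.
try {
    $sid = ([System.Security.Principal.NTAccount]$DomainUser).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
    $userProfile = Get-CimInstance -ClassName Win32_UserProfile -Filter "SID='$sid'"
    $report.UserProfilePresent = [bool]$userProfile
} catch {
    $report.UserProfilePresent = "could not resolve $DomainUser"
}

# 4. Who holds local admin rights (built-in Administrators, well-known SID S-1-5-32-544).
#    PrincipalSource distinguishes local accounts from domain (ActiveDirectory) accounts.
$report.LocalAdministrators = (Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { "$($_.Name) [$($_.PrincipalSource)]" }) -join '; '

[pscustomobject]$report | Format-List
```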
 