Friday, September 21, 2012 3:28 PM
I am looking for some suggestions. We have 75-100 computer in the field that are part of our 2003 Active Directory. These computers do not contact our Active Directory services once they are shipped to the end user. They do not VPN in, and at best visit the home office 1x a year.
We need to find a way to ensure these computers are getting Windows Updates, reporting inventory of the computer, remote control access to it and most importantly, a way to lockout or even kill the computer. I would prefer a way to extended Group Policies to these workstations also.
Friday, September 21, 2012 6:16 PMModerator
Following might help
Managing Workgroup Clients in SCCM
how to configure local group policies in workgroup environment Centrally ?
Exporting Domain Policy( GPO) to a Workgroup Client
group policy domain to workgroup
I do not represent the organisation I work for, all the opinions expressed here are my own.
This posting is provided "AS IS" with no warranties or guarantees and confers no rights.
Friday, September 21, 2012 6:20 PM
I know a CIE that work like that, got a lot of remote user. They do ;
- full disk encryption. (like mcafee fde)
- install samange tool. (a paid product, for the remote inventory).
- install logmein for remote control.
All other task they on the domain are from a remote TS session. No way I know to kill a remote PC like you can on a blackberry in exemple. The full disk encryption come there to help that. (they can still steal a laptop, but not the data)
Friday, September 21, 2012 6:55 PM
I will look at those options.
Maybe 'kill' isn't the right work. Lockout, disable access would be better. The situation is when an employee leaves the company, we can shutdown their access to the computer.
Microsoft Direct Access is what I really want, but we are not ready, nor are the software packages we use, for IPv6.
Friday, September 21, 2012 7:14 PM
When you close their account, all AD's ressource will be lock after.
If they use outlook, make them work with outlook anywhere, outlook in a remote app/xenapp, or OWA webpage login. etc..
Another method is to make them connect to a cloud PC for all your CIE use. Like to a XenDesktop or vmware view backend. The laptop / computer is just a receiver in that case. (you even got receiver for ipad and such device)
But you can't IMO cut the access for the local admin, as they can easilly crack that password anyway...
Tuesday, September 25, 2012 3:05 AMModerator
How are things going? I just want to check if the information provided was helpful. If there is any update or concern, please feel free to let us know.
TechNet Community Support
Tuesday, September 25, 2012 4:39 PMI did fill out the survey and also talked with a Techincal Rep from Microsoft about Intune. This person claims this can be done, but directed me to a reseller, which I have not heard back from, to find out the details.
- Marked As Answer by Aiden_CaoMicrosoft Contingent Staff, Moderator Friday, September 28, 2012 7:20 AM