Managing remote users - remote options with AD

  • Question

  • Hello all,

    Here is my scenario.  Without too much detail, I manage the IT infrastructure for an online entity.  Roughly 93% of the users that I support work from their home offices, using their home ISPs (a random mix of cable, DSL, satellite; it just depends on where they live).  We have a central office running a mixed 2k3/2k8 domain, but the remote users have nothing to do with the domain.  They don't VPN and their laptops are not part of the domain.  I'd very much love to be able to add their machines to the domain, manage their patches and roll out policies via GPOs, but given they can't see the domain I have not been able to without using a third-party agent.  If there are any thoughts or ideas that may help my scenario, I'd love to hear them.

    Tuesday, May 10, 2011 11:08 PM

Answers

  • What do you mean by keep them all out or all in?

    The DirectAccess option keeps them all in. All workstations are domain joined and always connected to the corporate network, and all traffic goes first to the home office before it then goes on to the internet. So you can even control their internet browsing.

     

    The Intune option keeps them all out. They're not domain-joined workstations, but you still have a means to be in control of their security settings and their patch levels.

     

    Could you please explain what you are trying to accomplish?


    Follow me on Twitter (RickSlager) for updates about all latest news from Microsoft
    • Proposed as answer by Alex Cohen Monday, May 16, 2011 1:00 PM
    • Marked as answer by Kevin Remde Sunday, October 30, 2011 4:16 PM
    Wednesday, May 11, 2011 8:12 PM

All replies

  • Hi AZITPro,

     

    There are two options in my opinion.

    If the workstations are owned by the organization you work for, you can try to use DirectAccess.

    http://www.microsoft.com/windows/enterprise/products/windows-7/features.aspx#directaccess

     

    But this needs Windows 7 Enterprise on your workstations and a UAG server on your edge. When you have DirectAccess deployed you can use the normal tools to manage your remote PCs.

    This can be an expensive option.

     

    The second option, which I think will work better, is Windows Intune.

    http://www.microsoft.com/online/windows-intune.aspx

    This helps you manage remote workplaces with a super easy web console.

    Hope this helps.


    Follow me on Twitter (RickSlager) for updates about all latest news from Microsoft
    Wednesday, May 11, 2011 8:15 AM
  • No. Keep them all out, or all in. Anything in between is unrealistic expectations.

    *alex
    • Proposed as answer by Alex Cohen Monday, May 16, 2011 1:00 PM
    Wednesday, May 11, 2011 3:00 PM