Michael wrote:
> Thanks for your response, Lanwench (great handle, BTW). I understand
> your point.
>
> Apparently (or so I'm told by the users), the IT people at the job
> sites (which are primarily financial institutions - very
> conservative) have concerns about security, which is what is
> driving the domain change. My people need to access files and run
> programs on the client's domain. Sometimes, the clients will not even
> give my people access to their network to get out to the web, so they
> can't even access email via OWA, but that's a whole other issue.

Oy. Frankly, if they're concerned with security, they shouldn't allow
*anyone* to connect a non-company-owned computer to their network. How do
they know it's a "clean" computer?

Why can't they just let the consultant use a desktop that's been set up for
their domain, to their standards? I wouldn't let anyone bring a laptop into
one of my clients' networks and plug it in at all.... don't want unwanted
visitors on my networks.
>
> The larger consideration, for me, is whether the current approach is
> viable in such a dispersed environment. If an employee leaves, I
> need to reissue the laptop, but it has to come back to me to be
> reconfigured with a new machine name,
Use standard non-personalized computer names.....companyw001 (w for
workstation) etc.
> user names and rights, and new
> Outlook settings (with an .ost, etc.).
Roaming profiles will help you with this. You can set them up with a profile
on any XP Pro desktop and then log them into the laptop once to cache it.
> This is proving to be
> difficult at best. I've never really worked in such a
> non-traditional networking environment, and wonder how other people
> handle this kind of thing.
I don't let users change their domain membership at all. Since I do tend to
grant laptop users local admin rights (so they can add printers, etc etc
etc), I just threaten them with grievous bodily harm if they muck around
with their network settings at all, or install software of any kind.
However, see MultiNetworkManager from www.globesoft.com if you absolutely
must support this. I wouldn't, but that's just me.
>
> --michael
>
>
> "Lanwench [MVP - Exchange]" wrote:
>> Michael wrote:
>>> I've recently come into a position supporting a company with about
>>> 150 remote laptop users. They connect to email thru OWA using SSL,
>>> and also to the company network using a Cisco VPN client for file
>>> sharing.
>>>
>>> The problem is, when laptops are built for new employees, they are
>>> added to the domain so that the user has a profile, Exchange/Outlook
>>> mail account, home directory, and machine account.
>>>
>>> They are sometimes required to join the domain of the site they are
>>> working at (it's a consultancy firm),
>>
>> Why do you say "required" ?
>>
>>> and to re-join the company's
>>> domain, they have to come back to an office and be changed back.
>>> This is, of course, a problem.
>>
>> Why do they need to join the other domain at all? They can log in
>> with cached credentials and then access resources on the other
>> network(s) at will. I wouldn't mess with domain membership; there's
>> no point.
>>>
>>> Are there best practices for supporting users of a distributed
>>> "network" such as this, or does anyone have suggestions on how this
>>> might best be done?
>>
>> Once they've logged in using their domain account (using cached
>> credentials), and have an IP address on the other network, they can
>> map drives, use printers, whatnot, very easily - one way, in a
>> command line:
>>
>> net use x: \\server\sharename /user:OtherDomain\username <enter>
>>
>> etc - can even put that in a batch file. Or use Windows Explorer to
>> map drives.
>>
>>>
>>> Thanks.
>>> --michael
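
The batch-file approach mentioned in the quoted reply above (`net use` with `/user:OtherDomain\username`), written out as an added example that is not part of the original thread. The server, domain and share names are placeholders, and the password is prompted for with `*` so it is never stored in the file.

```batch
@echo off
rem Added example, not from the thread. fileserver01, CLIENTDOM and the
rem share names are placeholders; substitute the client site's real values.
rem Usage: mapclient.cmd          map the client shares
rem        mapclient.cmd unmap    remove them before leaving the site
setlocal
set "SERVER=fileserver01"
set "DOMAIN=CLIENTDOM"

if /i "%~1"=="unmap" goto :unmap

set /p "CLIENTUSER=User name on %DOMAIN%: "

rem Authenticate once to the server. "*" makes net use prompt for the
rem password interactively, so no credential is written into this file.
net use \\%SERVER%\IPC$ * /user:%DOMAIN%\%CLIENTUSER%
if errorlevel 1 (
    echo Could not authenticate to %SERVER%.
    exit /b 1
)

rem Later connections to the same server reuse the session just established.
rem /persistent:no keeps Windows from restoring the mapping at next logon,
rem so client-domain connections do not follow the laptop off site.
net use X: \\%SERVER%\projects /persistent:no || goto :fail
net use Y: \\%SERVER%\reports /persistent:no || goto :fail
echo Mapped X: and Y: on %SERVER%.
exit /b 0

:fail
echo Mapping failed; removing partial connections.
call :unmap
exit /b 1

:unmap
rem Drop the drive letters and the authenticated session to the server.
net use X: /delete /y >nul 2>&1
net use Y: /delete /y >nul 2>&1
net use \\%SERVER%\IPC$ /delete /y >nul 2>&1
exit /b 0
```

The laptop stays a member of its home domain throughout; only the SMB session to the client's server carries the client-domain credentials.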