Educause Security Discussion mailing list archives

Re: Laptops on Active Directory


From: Michelle Mueller <muellerm () MTMARY EDU>
Date: Mon, 20 Sep 2004 09:26:08 -0500

Our solution has been to give the faculty local admin rights to their
laptops and activate offline files.  You can give local admin rights
by going into Computer Management on that laptop, Local Users and
Groups, Groups, Administrators, and adding the user id to that group.
This will give them installation rights on that machine but not
additional rights on the domain. Of course, that also means that they
can install any program they want, which presents its own problems.
And, if you use roaming profiles, this will cause additional problems
for these laptop users.  Every time they log in off the network, their
laptop will not be able to find their profile and will log them in with
a temporary one.  Anything they save in My Documents will disappear when
they log off as the computer gets rid of this temporary profile.  We've
trained our laptop users to manually change the save location each time
they save to avoid this.  With a few users who I know will not be
logging into other computers, I've removed their roaming profile so that
it is saved on their laptop instead of the network.  That has solved
many problems that logging in offline has presented.  It's made the
whole process darn near perfect.

The final problem in all of this is something that we have yet to deal
with.  Internet security when these laptops are connected at home.  What
to do about a firewall.  On and off for the past year, I've tried
configuring Symantec Client Firewall and Zone Alarm on a laptop and both
caused nothing but problems.  They interfered severely with the domain
network connection and local admin rights didn't seem to be enough
rights to make them work for the user.  It's frustrated me to the point
of giving up.  Then, about two weeks ago, I gave Zone Alarm another
try.  (I had a user who I knew was going to connect at home via Road
Runner without a firewall and thought it the perfect time to try out
ZA's new version.)  It actually worked with minimal configuration!  I'm
very excited about this because I can't tell you how many hours I've put
into trying to get a firewall to work properly on these laptops.  We
still need to work out the details of using this program because it is
only free for home users.  But the program does work.

Michelle Mueller
Network Specialist
Mount Mary College
Milwaukee, WI



Chad McDonald wrote:

About a year ago, we implemented Active Directory on our campus and
have managed to effectively manage our desktop clients.  We recently
made a large purchase of laptops and would like to further our
successes with Active Directory.  The major hurdle that we have come
up against is the need for users to connect laptops to their ISPs at
home, particularly where there is a need to add software.  I am sure
that some of you have arguments for or against, but at this point I am
threatened with losing the foothold that we have made with our
desktops as faculty threaten to take this to the University Senate and
overturn the standing policy.  Right now I am looking for a
workaround that will allow us to use AD and still allow faculty the
flexibility that they desire.  Any advice that you can offer will
certainly be helpful.



Thanks,

Chad McDonald, CISSP

Director of Campus Computer Support Services

Georgia College & State University

Phone   478.445.4473

Fax       478.445.1202

Email    chad.mcdonald () gcsu edu

Home Page       http://chadmcdonald.net



********** Participation and subscription information for this
EDUCAUSE Discussion Group discussion list can be found at
http://www.educause.edu/groups/.
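
An audit of the two conditions the reply above describes (accounts added to the laptop's local Administrators group, and roaming profiles that fall back to a temporary profile off the network), as an added example that is not part of the original messages. It assumes Windows PowerShell 5.1 or later, run on the laptop itself while it can reach the domain; the variable names are illustrative.

```powershell
# Added example: report who holds local admin rights on this laptop and
# whether each of those accounts has a roaming or temporary profile here.

# Look the group up by its well-known SID so a renamed or localized
# "Administrators" group is still found.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544'

# Index the non-system user profiles on this machine by account SID.
$profiles = @{}
Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { -not $_.Special } |
    ForEach-Object { $profiles[$_.SID] = $_ }

$report = foreach ($m in $admins) {
    $p = $profiles[$m.SID.Value]          # $null if the member never logged on here
    [pscustomobject]@{
        Account      = $m.Name
        Type         = $m.ObjectClass     # User or Group
        Source       = $m.PrincipalSource # Local or ActiveDirectory
        HasProfile   = [bool]$p
        Roaming      = if ($p) { [bool]$p.RoamingConfigured } else { $null }
        # Win32_UserProfile.Status is a bit field; bit value 1 = temporary profile.
        TemporaryNow = if ($p) { [bool]($p.Status -band 1) } else { $null }
    }
}

# Full membership list: every row is an account that can install software.
$report | Sort-Object Source, Account | Format-Table -AutoSize

# Domain accounts that are local admins AND still roam: these are the users
# who get a temporary profile (and lose My Documents changes) off the network.
$atRisk = $report | Where-Object {
    $_.Source -eq 'ActiveDirectory' -and ($_.Roaming -or $_.TemporaryNow)
}
if ($atRisk) {
    Write-Warning "Local admins with roaming/temporary profiles on $env:COMPUTERNAME"
    $atRisk | Format-Table Account, Roaming, TemporaryNow -AutoSize
}
```

Any member listed with Type `Group` extends local admin rights to everyone in that group, so it needs to be expanded separately.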

