Educause Security Discussion mailing list archives
Re: Laptops on Active Directory
From: Michelle Mueller <muellerm () MTMARY EDU>
Date: Mon, 20 Sep 2004 09:26:08 -0500
Our solution has been to give the faculty local admin rights to their laptops and activate offline files. You can give local admin rights by going into Computer Management on that laptop, Local Users and Groups, Groups, Administrators, and adding the user id to that group. This will give them installation rights on that machine but not additional rights on the domain. Of course, that also means that they can install any program they want, which presents it's own problems. And, if you use roaming profiles, this will cause additional problems for these laptop users. Every time they login off the network, their laptop will not be able to find their profile and will log them in with a temporary one. Anything they save in My Documents will disappear when they log off as the computer gets rid of this temporary profile. We've trained our laptop users to manually change the save location each time they save to avoid this. With a few users who I know will not be logging into other computers, I've removed their roaming profile so that it is saved on their laptop instead of the network. That has solved many problems that logging in off line has presented. It's made the whole process darn near perfect. The final problem in all of this is something that we have yet to deal with. Internet security when these laptops are connected at home. What to do about a firewall. On and off for the past year, I've tried configuring Symantec Client Firewall and Zone Alarm on a laptop and both caused nothing but problems. They interfered severely with the domain network connection and local admin rights didn't seem to be enough rights to make them work for the user. It's frustrated me to the point of giving up. Then, about two weeks ago, I gave Zone Alarm another try. (I had a user who I knew was going to connect at home via Road Runner without a firewall and thought it the perfect time to try out ZA's new version.) It actually worked with minimal configuration! I'm very excited about this because I can't tell you how many hours I've put into trying to get a firewall to work properly on these laptops. We still need to work out the details of using this program because it is only free for home users. But the program does work. Michelle Mueller Network Specialist Mount Mary College Milwaukee, WI Chad McDonald wrote:
About a year ago, we implemented Active Directory on our campus and have managed to effectively manage our desktop clients. We recently made a large purchase of laptops and would like to further our successes with Active Directory. The major hurdle that we have come up against is the need for users to connect laptops to their ISPs at home, particularly where there is a need to add software. I am sure that some of you have arguments for or against, but at this point I am threatened with loosing the foothold that we have made with our desktops as faculty threaten to take this to the University Senate and overturn the standing policy. Right now I am looking for a work around that will allow us to use AD and still allow faculty the flexibility that they desire. Any advice that you can offer will certainly be helpful. Thanks, Chad McDonald, CISSP Director of Campus Computer Support Services Georgia College & State University Phone 478.445.4473 Fax 478.445.1202 Email chad.mcdonald () gcsu edu <mailto:chad.mcdonald () gcsu edu> Home Page http://chadmcdonald.net <http://chadmcdonald.net/> ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Laptops on Active Directory Chad McDonald (Sep 20)
- <Possible follow-ups>
- Re: Laptops on Active Directory Michelle Mueller (Sep 20)
- Re: Laptops on Active Directory Bob Kehr (Sep 20)