Answer the question
In order to leave comments, you need to log in
Is it advisable to switch to a win-domain and portable profiles?
There are about 100 laptops in different cities of the Russian Federation
. You need to connect them to one domain and set up portable profiles.
The set of programs is standard, office: Skype, MSOffice, browser + a couple of software for remote administration and statistics collection.
(for the time being, using the example of TeamViewer and stuffcop)
UPD:
now it’s just laptops, each by itself, everyone has Internet access somehow configured and that’s it, on each computer there is a complete trash bin, often viruses, there is no one to administer (because for each call need to pay admin
we want to connect all the laptops to one network and put things in order. in principle, the solution has already been developed (by creating a corporate assembly with the necessary programs wired and access for a remote admin), but I also want to calculate the feasibility of including all the good stuff in the domain,
well, from the pluses, I see a decoupling from a specific machine - a person can go on a business trip to another city and log in there , having received the same working environment (shortcuts, programs, etc.)
as well as mass management - for example, we want to add a jabber or some other program to everyone - clap through the domain and you're done, and so cling and install 100 times through the remote control,
etc. to. I myself do not rummage in the possibilities of the domain,
I would like to hear from knowledgeable people what the pros and cons can be here
Answer the question
In order to leave comments, you need to log in
Pros: it is very convenient to back up user files, a single policy and other domain goodies.
Cons: with a large amount of data and a slow Internet connection, it will be very difficult to work with a laptop. You will be hated.
Summary: you do not need to deploy roaming profiles, you can add them to AD, but leave the ability to log in as a local user.
1 you need a network diagram
2 whether the profiles of all users will be on the same server or for each region its own server
3 calculate how long it will take to fill the profile with a bad connection
4 understand how many laptops can go beyond the network
5 this is all great, but if the laptop it is necessary to use on a trip the user does not have access to the documents that were in the profile, what should he do?
6 critical time to restore the laptop?
The most important question is why this hemorrhoid?
Plus for Terminal Services.
And it will be much easier for users, and for the administrator, and for the management.
In your case, I would not make roaming profiles, but looked towards citrix xendesktop www.citrix.com/products/xendesktop/overview.html . It is tuned without dancing with a tambourine. You can even run it on your smartphone. The only thing you need to buy licenses.
You make a Win domain with the necessary profiles, and store documents and the rest in repositories like git or mercurial.
Colleagues, with all due respect to Microsoft and Active Directory, I think in this case we have slightly overstated system requirements.
I would start not with roaming profiles and AD, but only with centralized purchased antivirus software.
For example, the same Trend Micro, and others will calmly allow you, without having any super knowledge:
to clean computers from viruses, keep them up to date, block visits to “bad” sites, install additional software if necessary.
Look at existing cloud solutions from Antivirus Companies.
It is possible to combine this with AD deployment, but not with roaming profiles!!! Roaming profiles are good when you have gigabit between the client and the server, and then there are problems when everyone comes to work at the same time in the morning and logs in.
If you can't wait to centralize the work of users so much - then yes, terminal solutions.
I have not worked with AD for a long time, nevertheless I advise you to try the following.
1. Drive everyone to the domain and give the rights of a regular user
2. Prevent users from running applications from all folders except Program Files, Windows (install Dropbox either in another folder or register an exception if possible)
3. Limit the size of profiles and move the "Desktop" folder to another place
4. Create a guest account for cases when you have to work out of place
Pros: centralized software management, group policies for programs (Google Chrome, Skype), lack of mail agents, satellites, bars and other malware
Life hack: if you have a centrally managed antivirus, you can add unwanted software there as a dangerous object and it will be removed immediately after installation.
Cons: you may have to fight with setting up profiles
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question