Re: Remote Client Configuration
- From: v-chayan@xxxxxxxxxxxxxxxxxxxx ("Charles Yang [MSFT]")
- Date: Fri, 02 Dec 2005 07:28:54 GMT
HI Chris,
Thanks for detailed updates.
>From your description, it seems you want to know if it is possible to join
the client computer to the SBS domain via connect computer wizard remotely.
After confirm with our SP, I am sorry for some wrong information, you have
to put the laptop to the local network then join to the SBS domain, then
next time you can logon the SBS domain with your current user name and
password, this should be cache credential logon, this will enable the
remote user logon to SBS domain without a DC exists.
It seems you also have some concerns on the GPO updates issue and roaming
profile updates issue. Now let me clarify the issue more clearly, for the
roaming profile, it will be store on the SBS server instead of storing on
each client computer, so it is convenient for administrator to backup and
manage the profile, when you logon the SBS domain but not within the SBS
local network or via dial up VPN connection, you will use an local copy on
roaming profile on the temp folder.
When the logon is done with cached credentials, and then a remote access
connection is established, Group Policy is not applied during logon. For
example, if users connecting through a VPN connection are logging in via
cached credentials, folder redirection settings will not be processed,
because folder redirection policy can only be processed at user logon, not
in the background refresh.
For group policy issue, we suggest you refer to the following KB article,
it will help you understand the issue more clearly:
227260 How a Slow Link Is Detected for Processing User Profiles and Group
Policy
http://support.microsoft.com/?id=227260
227369 Default Behavior for Group Policy Extensions with Slow Link
http://support.microsoft.com/?id=227369
842007 You experience synchronization problems if you do not disable the
cache
http://support.microsoft.com/?id=842007
So the user's roaming profile will be only sync when using a dial up VPN
connection or connect to the local network. But you do not need to worry
about that, all the thing include the GPO and profile will be updates then.
For the offline folder it is different from the roaming profile, it can be
sync any time the shared folder is available for the remote computer.
Hope the above information helpful for your issue. I am glad to be of
assistance. Sorry for any inconvenience.
Best regards,
Charles Yang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Chris Guimbellot" <cguimbellot@xxxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <uF62xLd9FHA.2176@xxxxxxxxxxxxxxxxxxxx>
<00CTomj9FHA.4000@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Remote Client Configuration
| Date: Fri, 2 Dec 2005 00:39:21 -0500
| Lines: 286
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| Message-ID: <ul6lALw9FHA.2816@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: mail.hospitality-international.com 71.16.180.114
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:227224
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Charles,
|
| Thanks for the response, my replies are below. Also, I wanted to let you
| know that I have a notebook here that is configured just as my traveling
| employees and is not connected to the physical LAN in the office (I am
using
| Verizon too), so I can simulate the changes we try without wasting my
guys'
| time.
|
| > Before we go any further, we need to know how you plan to connect the
| > remote computer to SBS 2003 domain via VPN connection after the remote
| > user
| > logon the remote computer locally or connect the SBS domain via dial in
| > VPN
| > connection when user logon to the remote computer.
|
| > Here I assume that you want to use a dial in VPN connection to connect
the
| > remote computer with SBS local network.
|
| Actually, my users currently connect by logging on to the computer (with
the
| domain listed in the "Log in to:" drop-down on the login screen), but not
| clicking on the "Log on using dial up connection". They dont actually
| connect using the VPN until after they are logged an and have established
| their connection to the internet. The reason I have them log in that way
is
| so they dont have to have an internet connection to use their computers.
I
| like for them to be able to get to those offline folders and use the
| software without having to log in over that slow connection. They only
log
| in when it is time to synchronize their offline files or their email with
| the Exchange server.
|
| That said, most of your solutions dont apply to me (at least I think),
| unless there is a way to update group policy, roaming user profiles, etc.
| after establishing the VPN connection.
|
| > If so the steps you mentioned first is right on target you can follow
that
| > steps to join the remote computer to SBS domain. For your concerns about
| > the question, please refer to my answer one by one:
|
| I dont think that the Network Configuration website would work to connect
to
| the network (either for logging into the network using "log on using
dial-up
| networking"or logging in locally then establishing the VPN. The reason I
say
| that is because when I logged in to a test notebook then established the
| VPN, when I tried to run the Network Configuration website, I received
the
| following error: "The Small Business Server Network Configuration Wizard
| will only run over a Local Area Network connection. Deactivate any
dial-up
| or virtual private network (VPN) connections, connect the client computer
to
| the server using a Local Area Connection, and try again.
|
| That said, how should I have them join the network? I tried to change the
| network under "Computer Name Changes" after logging in to the VPN, and it
| worked. The problem is that when I tried to log back in, it would not let
me
| into the domain because it could not find my user account. Then, when I
| tried to change the Log on to dropdown to the local computer, it gets
this
| box that says "Please wait while the domain list is created" and it takes
| forever to go away.
|
| The only way I think I would be able to get around that would be to have
| them log in using a dial-up connection, but then it would have to dial
| Verizon, then the VPN. It seems like at that point it would be getting
too
| complicated for me to guide my user through over the phone. What do you
| think?
|
| There is also the "Create Remote Connection Disk". It looks like all that
| does is install the "Connect to Small Business Server" VPN-like
connection.
| This has nothing to do with connecting these computers to the network
does
| it?
|
| One thing I have heard would be a possibility is to have the computer
| changed from a domain to a workgroup with the same name. Does that seem
like
| something that might work here? If so, how does it effect my other issues?
|
| > 1. Will the offline files will be gone when the user logs back on?
| >
| > Based on my research, the offline file is not depend on which OS
system,
| > so
| > if the shared folder is still available on SBS 2003 domain which the
| > offline file is enabled when the user log back the offline file will not
| > disappear, if not you had to backup the offline file on the SBS server
or
| > client side first then make it available on a server new shared folder.
|
| It looks that way to me. I will verify when I start getting these clients
| on. Thanks.
|
| > 2. Do they actually need the firewall client if they are never in the
| > building?
| >
| > Firewall client will be useful for the client user as we do not need to
| > configure special packet filtering on the ISA server for those client
| > computer, they can access the internet through SBS 2003 without any
| > problem. But if they do not use the SBS server to access the internet,
you
| > do not need to install the firewall client. It depends on if you want to
| > control the internet connection of remote user.
|
| Thanks for the explanation. I do not need them to access the internet
| through the server. What I will do, is install the firewall client on the
| users that do come in every few weeks and use their notebooks in the
office
| so that they wont have any problems.
|
| > 3. What happens to their current profile when they log onto the new
| > network?
| >
| > As I know, when they log to the new domain, a new profile will be
created,
| > it will not impact the original profile, however you can use the KB
| > article
| > below to restore the user profile and use it on the new SBS 2003 domain:
| >
| > 314045 HOW TO: Restore a User Profile in Windows 2000
| > http://support.microsoft.com/?id=314045
|
| I read the article and it looks easy enough. Thanks.
|
| > 4. What about Group Policy? I run WSUS and was thinking about creating a
| > new OU for the mobile users and setting WSUS to tell them to get their
| > updates direct from Windows Update servers.
| >
| > Generally speaking, as you want to deploy the group policy for the
remote
| > user, it is possible to do that, due to the network speed issue, we
| > suggest
| > you refer to the article below to set a slow link for remote computer
when
| > deploy group policy, it might reduce the network traffic and make the
| > logon
| > process more effectively:
| >
| > 819108 Settings for minimizing periodic WAN traffic
| > http://support.microsoft.com/?id=819108
| >
| > 811525 Configure Slow Link Speed Group Policy does not force offline
files
| > to
| > http://support.microsoft.com/?id=811525
|
| Glad you pointed me to this article. From this article as well as my
other
| research, it looks like no matter whether you log into the domain or you
log
| into a local profile and connect via the VPN, as long as the computer is
a
| member of the domain, group policy will refresh. Thats good to know. I
guess
| that I shouldnt even consider configuring these things in a workgroup
| setting.
|
| Also, how can you tell that the slow link is working for the offline
files?
| It seems that when I connect to the VPN, after a few seconds, I am
working
| online, then when I disconnect, I an then working offline. I cant think
of a
| time that when I was on a slow network, it didnt tell me I was online as
| long as I was connected to the VPN.
|
| .> 5. What is the difference between Connection Manager and the VPN they
| > already have installed?
| >
| > Both are VPN connection, just as I said the VPN they already installed
| > might be a dial in VPN connection, but the connection management should
be
| > considered as a VPN connection that you can use the remote computer to
| > logon locally then establish the VPN connection via the connection
| > management. There are not so many difference between them.
|
| Looks that way to me too. Thanks for the clarification.
|
| > 6. Should I use Roaming User Profiles like I have for the other users?
If
| > so, how do they update to the server?
| >
| > You can use roaming profile, they will update with the server profile as
| > the local network user, however if you enable the slow link for group
| > policy we may have some special design for sync the profile with SBS
| > server
| > for optimize the network traffic on the slow WAN link., you can refer to
| > the article below:
| >
| > 227260 How a Slow Link Is Detected for Processing User Profiles and
Group
| > Policy
| > http://support.microsoft.com/?id=227260
|
| Thanks, here I learned how to configure the slow link via GPO, a question
I
| had after reading 811525.
|
| It seems though that the only way to update the roaming profile is by
| logging into the network instrad of being able to snchronize. Is there
| anyway, that the users could "upload" or "synchronize" their profiles
with
| the server without having to log on using a dial up connection?
|
| > For more information, I suggest you refer to the SBS website for the SBS
| > documents about deploying the SBS 2003 domain.
| >
| This assumes that you log into the domain> Further information:
| >
| > When configure SBS 2003 domain, the most effective wizard should be
CEICW,
| > do not forget to use, it will save you a lot of time.
| >
| > 825763 How to configure Internet access in Windows Small Business Server
| > 2003
| > http://support.microsoft.com/?id=825763
| >
| > Hope the above information helpful enough to your issue. I really
| > appreciate your effort on this issue, please feel free to let me know
the
| > results.
|
| I appreciate all of your help and look forward to your response.
|
| Chris
|
| > | From: "Chris Guimbellot" <cguimbellot@xxxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Remote Client Configuration
| > | Date: Wed, 30 Nov 2005 12:24:36 -0500
| > | Lines: 53
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| > | X-RFC2646: Format=Flowed; Original
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| > | Message-ID: <uF62xLd9FHA.2176@xxxxxxxxxxxxxxxxxxxx>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: mail.hospitality-international.com 71.16.180.114
| > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
| > | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:226731
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hello,
| > |
| > | SBS2003, XP clients.
| > |
| > | I had an SBS2000 network, but recently installed an SBS2003 box and
put
| > the
| > | old one to bed. The new server has the same server and domain names as
| > the
| > | old one did. I was easily able to configure all of the clients for the
| > new
| > | network by running the Network Configuration website on the server
| > | (http://servername.connectcomputer). Now it is time to set up the
remote
| > | computers. That is where I am sort of lost. Here is the situation: I
| > have
| > | about 7 mobile users (salesmen) using notebooks. They are currently
set
| > up
| > | to log into the old SBS2K network. The use the internet, OutlookXP for
| > | email, and use offline files from departmental folders located on the
| > | server. They connect to the server via VPN. My question is, how can I
| > set
| > | them up on the new network? They connect via slow connections (Verizon
| > | NationalAccess BroadbandAccess). I would think that installing the
| > client
| > | apps (namely Outlook 2003 and firewall client) could not work on such
a
| > slow
| > | connection. That said, here is what I was thinking about doing:
| > |
| > | 1. Have them uninstall the old firewall client.
| > | 2. Have them VPN into the new server using their existing VPN
| > connection.
| > | 3. Run the Network Configuration website to join their computer to the
| > | domain.
| > | 4. Upon restart, have them install Outlook 2003, the new Firewall
| > Client,
| > | and the Connection Manager via a CD I send them.
| > | 5. Have them install TrendMicro (oh yeah, they will be using
TrendMicro
| > CS)
| > | from the same CD.
| > |
| > | Is this the correct way to perform the client setup. I am worried
about
| > a
| > | few things:
| > |
| > | 1. Will the offline files will be gone when the user logs back on?
| > | 2. Do they actually need the firewall client if they are never in the
| > | building?
| > | 3. What happens to their current profile when they log onto the new
| > network?
| > | 4. What about Group Policy? I run WSUS and was thinking about
creating a
| > new
| > | OU for the mobile users and setting WSUS to tell them to get their
| > updates
| > | direct from Windows Update servers.
| > | 5. What is the difference between Connection Manager and the VPN they
| > | already have installed?
| > | 6. Should I use Roaming User Profiles like I have for the other
users?
| > If
| > | so, how do they update to the server?
| > | 7. How many other issues have I not thought of?
| > |
| > | I am trying to avoid having them send in their notebooks just so I can
| > | configure them. There has to be some sort of guide out there or
someone
| > with
| > | some war stories to share. If I have not been clear enough or I need
to
| > | provide more information, I would be happy to. I appreciate any
| > responses.
| > | Thanks in advance,
| > |
| > | Chris
| > |
| > |
| > |
| >
|
|
|
.
- Follow-Ups:
- Re: Remote Client Configuration
- From: Chris Guimbellot
- Re: Remote Client Configuration
- References:
- Remote Client Configuration
- From: Chris Guimbellot
- RE: Remote Client Configuration
- From: "Charles Yang [MSFT]"
- Re: Remote Client Configuration
- From: Chris Guimbellot
- Remote Client Configuration
- Prev by Date: RE: Unable to migrate computers from W2K to W2K3 SBS
- Next by Date: RE: SBS 2003 migration blues
- Previous by thread: Re: Remote Client Configuration
- Next by thread: Re: Remote Client Configuration
- Index(es):
Relevant Pages
|
