Re: Remote Client Configuration
- From: "Chris Guimbellot" <cguimbellot@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 2 Dec 2005 02:53:04 -0500
Charles,
Once again, thanks for your response. I will look at these profile and
offline file issues. It looks like they are going to have to log into the
network using dial-up at least every once-in-a-while to get the profile and
GPO settings up to date. You also mentioned that if "logon is done with
cached credentials, and then a remote access connection is established,
Group Policy is not applied during logon". Does that mean that no group
policy is applied, or just the policy that goes into effect when the user
logs onto the domain. IE, if I create a separate OU for remote users for
WSUS (to have them log straight into the Windows Update server instead of my
local WSUS), will those settings filter down to the notebooks if they are
VPN'ed in for enough time (the 90 minutes plus offset time) or if they run
gpupdate? I am just trying to figure out how much management I can get on
these remote clients.
In regards to the initial setup, I am thinking that they will have to send
the laptops in so I can get the initial configurations done. Is this
correct? If so, it will be a pain, but I guess that's all there is to it.
I appreciate the continued help. Thanks again,
Chris
""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:2tNGRIx9FHA.1236@xxxxxxxxxxxxxxxxxxxxxxxx
> HI Chris,
>
> Thanks for detailed updates.
>
> From your description, it seems you want to know if it is possible to join
> the client computer to the SBS domain via connect computer wizard
> remotely.
> After confirm with our SP, I am sorry for some wrong information, you have
> to put the laptop to the local network then join to the SBS domain, then
> next time you can logon the SBS domain with your current user name and
> password, this should be cache credential logon, this will enable the
> remote user logon to SBS domain without a DC exists.
>
> It seems you also have some concerns on the GPO updates issue and roaming
> profile updates issue. Now let me clarify the issue more clearly, for the
> roaming profile, it will be store on the SBS server instead of storing on
> each client computer, so it is convenient for administrator to backup and
> manage the profile, when you logon the SBS domain but not within the SBS
> local network or via dial up VPN connection, you will use an local copy on
> roaming profile on the temp folder.
>
> When the logon is done with cached credentials, and then a remote access
> connection is established, Group Policy is not applied during logon. For
> example, if users connecting through a VPN connection are logging in via
> cached credentials, folder redirection settings will not be processed,
> because folder redirection policy can only be processed at user logon, not
> in the background refresh.
>
> For group policy issue, we suggest you refer to the following KB article,
> it will help you understand the issue more clearly:
>
> 227260 How a Slow Link Is Detected for Processing User Profiles and Group
> Policy
> http://support.microsoft.com/?id=227260
>
>
> 227369 Default Behavior for Group Policy Extensions with Slow Link
> http://support.microsoft.com/?id=227369
>
>
> 842007 You experience synchronization problems if you do not disable the
> cache
> http://support.microsoft.com/?id=842007
>
>
> So the user's roaming profile will be only sync when using a dial up VPN
> connection or connect to the local network. But you do not need to worry
> about that, all the thing include the GPO and profile will be updates
> then.
>
> For the offline folder it is different from the roaming profile, it can be
> sync any time the shared folder is available for the remote computer.
>
> Hope the above information helpful for your issue. I am glad to be of
> assistance. Sorry for any inconvenience.
>
>
>
> Best regards,
>
> Charles Yang (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
> | From: "Chris Guimbellot" <cguimbellot@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> | References: <uF62xLd9FHA.2176@xxxxxxxxxxxxxxxxxxxx>
> <00CTomj9FHA.4000@xxxxxxxxxxxxxxxxxxxxx>
> | Subject: Re: Remote Client Configuration
> | Date: Fri, 2 Dec 2005 00:39:21 -0500
> | Lines: 286
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
> | X-RFC2646: Format=Flowed; Original
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
> | Message-ID: <ul6lALw9FHA.2816@xxxxxxxxxxxxxxxxxxxx>
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: mail.hospitality-international.com 71.16.180.114
> | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
> | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:227224
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Charles,
> |
> | Thanks for the response, my replies are below. Also, I wanted to let you
> | know that I have a notebook here that is configured just as my traveling
> | employees and is not connected to the physical LAN in the office (I am
> using
> | Verizon too), so I can simulate the changes we try without wasting my
> guys'
> | time.
> |
> | > Before we go any further, we need to know how you plan to connect the
> | > remote computer to SBS 2003 domain via VPN connection after the remote
> | > user
> | > logon the remote computer locally or connect the SBS domain via dial
> in
> | > VPN
> | > connection when user logon to the remote computer.
> |
> | > Here I assume that you want to use a dial in VPN connection to connect
> the
> | > remote computer with SBS local network.
> |
> | Actually, my users currently connect by logging on to the computer (with
> the
> | domain listed in the "Log in to:" drop-down on the login screen), but
> not
> | clicking on the "Log on using dial up connection". They dont actually
> | connect using the VPN until after they are logged an and have
> established
> | their connection to the internet. The reason I have them log in that way
> is
> | so they dont have to have an internet connection to use their computers.
> I
> | like for them to be able to get to those offline folders and use the
> | software without having to log in over that slow connection. They only
> log
> | in when it is time to synchronize their offline files or their email
> with
> | the Exchange server.
> |
> | That said, most of your solutions dont apply to me (at least I think),
> | unless there is a way to update group policy, roaming user profiles,
> etc.
> | after establishing the VPN connection.
> |
> | > If so the steps you mentioned first is right on target you can follow
> that
> | > steps to join the remote computer to SBS domain. For your concerns
> about
> | > the question, please refer to my answer one by one:
> |
> | I dont think that the Network Configuration website would work to
> connect
> to
> | the network (either for logging into the network using "log on using
> dial-up
> | networking"or logging in locally then establishing the VPN. The reason I
> say
> | that is because when I logged in to a test notebook then established the
> | VPN, when I tried to run the Network Configuration website, I received
> the
> | following error: "The Small Business Server Network Configuration Wizard
> | will only run over a Local Area Network connection. Deactivate any
> dial-up
> | or virtual private network (VPN) connections, connect the client
> computer
> to
> | the server using a Local Area Connection, and try again.
> |
> | That said, how should I have them join the network? I tried to change
> the
> | network under "Computer Name Changes" after logging in to the VPN, and
> it
> | worked. The problem is that when I tried to log back in, it would not
> let
> me
> | into the domain because it could not find my user account. Then, when I
> | tried to change the Log on to dropdown to the local computer, it gets
> this
> | box that says "Please wait while the domain list is created" and it
> takes
> | forever to go away.
> |
> | The only way I think I would be able to get around that would be to have
> | them log in using a dial-up connection, but then it would have to dial
> | Verizon, then the VPN. It seems like at that point it would be getting
> too
> | complicated for me to guide my user through over the phone. What do you
> | think?
> |
> | There is also the "Create Remote Connection Disk". It looks like all
> that
> | does is install the "Connect to Small Business Server" VPN-like
> connection.
> | This has nothing to do with connecting these computers to the network
> does
> | it?
> |
> | One thing I have heard would be a possibility is to have the computer
> | changed from a domain to a workgroup with the same name. Does that seem
> like
> | something that might work here? If so, how does it effect my other
> issues?
> |
> | > 1. Will the offline files will be gone when the user logs back on?
> | >
> | > Based on my research, the offline file is not depend on which OS
> system,
> | > so
> | > if the shared folder is still available on SBS 2003 domain which the
> | > offline file is enabled when the user log back the offline file will
> not
> | > disappear, if not you had to backup the offline file on the SBS server
> or
> | > client side first then make it available on a server new shared
> folder.
> |
> | It looks that way to me. I will verify when I start getting these
> clients
> | on. Thanks.
> |
> | > 2. Do they actually need the firewall client if they are never in the
> | > building?
> | >
> | > Firewall client will be useful for the client user as we do not need
> to
> | > configure special packet filtering on the ISA server for those client
> | > computer, they can access the internet through SBS 2003 without any
> | > problem. But if they do not use the SBS server to access the internet,
> you
> | > do not need to install the firewall client. It depends on if you want
> to
> | > control the internet connection of remote user.
> |
> | Thanks for the explanation. I do not need them to access the internet
> | through the server. What I will do, is install the firewall client on
> the
> | users that do come in every few weeks and use their notebooks in the
> office
> | so that they wont have any problems.
> |
> | > 3. What happens to their current profile when they log onto the new
> | > network?
> | >
> | > As I know, when they log to the new domain, a new profile will be
> created,
> | > it will not impact the original profile, however you can use the KB
> | > article
> | > below to restore the user profile and use it on the new SBS 2003
> domain:
> | >
> | > 314045 HOW TO: Restore a User Profile in Windows 2000
> | > http://support.microsoft.com/?id=314045
> |
> | I read the article and it looks easy enough. Thanks.
> |
> | > 4. What about Group Policy? I run WSUS and was thinking about creating
> a
> | > new OU for the mobile users and setting WSUS to tell them to get their
> | > updates direct from Windows Update servers.
> | >
> | > Generally speaking, as you want to deploy the group policy for the
> remote
> | > user, it is possible to do that, due to the network speed issue, we
> | > suggest
> | > you refer to the article below to set a slow link for remote computer
> when
> | > deploy group policy, it might reduce the network traffic and make the
> | > logon
> | > process more effectively:
> | >
> | > 819108 Settings for minimizing periodic WAN traffic
> | > http://support.microsoft.com/?id=819108
> | >
> | > 811525 Configure Slow Link Speed Group Policy does not force offline
> files
> | > to
> | > http://support.microsoft.com/?id=811525
> |
> | Glad you pointed me to this article. From this article as well as my
> other
> | research, it looks like no matter whether you log into the domain or you
> log
> | into a local profile and connect via the VPN, as long as the computer is
> a
> | member of the domain, group policy will refresh. Thats good to know. I
> guess
> | that I shouldnt even consider configuring these things in a workgroup
> | setting.
> |
> | Also, how can you tell that the slow link is working for the offline
> files?
> | It seems that when I connect to the VPN, after a few seconds, I am
> working
> | online, then when I disconnect, I an then working offline. I cant think
> of a
> | time that when I was on a slow network, it didnt tell me I was online as
> | long as I was connected to the VPN.
> |
> | .> 5. What is the difference between Connection Manager and the VPN they
> | > already have installed?
> | >
> | > Both are VPN connection, just as I said the VPN they already installed
> | > might be a dial in VPN connection, but the connection management
> should
> be
> | > considered as a VPN connection that you can use the remote computer to
> | > logon locally then establish the VPN connection via the connection
> | > management. There are not so many difference between them.
> |
> | Looks that way to me too. Thanks for the clarification.
> |
> | > 6. Should I use Roaming User Profiles like I have for the other users?
> If
> | > so, how do they update to the server?
> | >
> | > You can use roaming profile, they will update with the server profile
> as
> | > the local network user, however if you enable the slow link for group
> | > policy we may have some special design for sync the profile with SBS
> | > server
> | > for optimize the network traffic on the slow WAN link., you can refer
> to
> | > the article below:
> | >
> | > 227260 How a Slow Link Is Detected for Processing User Profiles and
> Group
> | > Policy
> | > http://support.microsoft.com/?id=227260
> |
> | Thanks, here I learned how to configure the slow link via GPO, a
> question
> I
> | had after reading 811525.
> |
> | It seems though that the only way to update the roaming profile is by
> | logging into the network instrad of being able to snchronize. Is there
> | anyway, that the users could "upload" or "synchronize" their profiles
> with
> | the server without having to log on using a dial up connection?
> |
> | > For more information, I suggest you refer to the SBS website for the
> SBS
> | > documents about deploying the SBS 2003 domain.
> | >
> | This assumes that you log into the domain> Further information:
> | >
> | > When configure SBS 2003 domain, the most effective wizard should be
> CEICW,
> | > do not forget to use, it will save you a lot of time.
> | >
> | > 825763 How to configure Internet access in Windows Small Business
> Server
> | > 2003
> | > http://support.microsoft.com/?id=825763
> | >
> | > Hope the above information helpful enough to your issue. I really
> | > appreciate your effort on this issue, please feel free to let me know
> the
> | > results.
> |
> | I appreciate all of your help and look forward to your response.
> |
> | Chris
> |
> | > | From: "Chris Guimbellot" <cguimbellot@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> | > | Subject: Remote Client Configuration
> | > | Date: Wed, 30 Nov 2005 12:24:36 -0500
> | > | Lines: 53
> | > | X-Priority: 3
> | > | X-MSMail-Priority: Normal
> | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
> | > | X-RFC2646: Format=Flowed; Original
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
> | > | Message-ID: <uF62xLd9FHA.2176@xxxxxxxxxxxxxxxxxxxx>
> | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | NNTP-Posting-Host: mail.hospitality-international.com 71.16.180.114
> | > | Path:
> TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
> | > | Xref: TK2MSFTNGXA02.phx.gbl
> microsoft.public.windows.server.sbs:226731
> | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > |
> | > | Hello,
> | > |
> | > | SBS2003, XP clients.
> | > |
> | > | I had an SBS2000 network, but recently installed an SBS2003 box and
> put
> | > the
> | > | old one to bed. The new server has the same server and domain names
> as
> | > the
> | > | old one did. I was easily able to configure all of the clients for
> the
> | > new
> | > | network by running the Network Configuration website on the server
> | > | (http://servername.connectcomputer). Now it is time to set up the
> remote
> | > | computers. That is where I am sort of lost. Here is the situation: I
> | > have
> | > | about 7 mobile users (salesmen) using notebooks. They are currently
> set
> | > up
> | > | to log into the old SBS2K network. The use the internet, OutlookXP
> for
> | > | email, and use offline files from departmental folders located on
> the
> | > | server. They connect to the server via VPN. My question is, how can
> I
> | > set
> | > | them up on the new network? They connect via slow connections
> (Verizon
> | > | NationalAccess BroadbandAccess). I would think that installing the
> | > client
> | > | apps (namely Outlook 2003 and firewall client) could not work on
> such
> a
> | > slow
> | > | connection. That said, here is what I was thinking about doing:
> | > |
> | > | 1. Have them uninstall the old firewall client.
> | > | 2. Have them VPN into the new server using their existing VPN
> | > connection.
> | > | 3. Run the Network Configuration website to join their computer to
> the
> | > | domain.
> | > | 4. Upon restart, have them install Outlook 2003, the new Firewall
> | > Client,
> | > | and the Connection Manager via a CD I send them.
> | > | 5. Have them install TrendMicro (oh yeah, they will be using
> TrendMicro
> | > CS)
> | > | from the same CD.
> | > |
> | > | Is this the correct way to perform the client setup. I am worried
> about
> | > a
> | > | few things:
> | > |
> | > | 1. Will the offline files will be gone when the user logs back on?
> | > | 2. Do they actually need the firewall client if they are never in
> the
> | > | building?
> | > | 3. What happens to their current profile when they log onto the new
> | > network?
> | > | 4. What about Group Policy? I run WSUS and was thinking about
> creating a
> | > new
> | > | OU for the mobile users and setting WSUS to tell them to get their
> | > updates
> | > | direct from Windows Update servers.
> | > | 5. What is the difference between Connection Manager and the VPN
> they
> | > | already have installed?
> | > | 6. Should I use Roaming User Profiles like I have for the other
> users?
> | > If
> | > | so, how do they update to the server?
> | > | 7. How many other issues have I not thought of?
> | > |
> | > | I am trying to avoid having them send in their notebooks just so I
> can
> | > | configure them. There has to be some sort of guide out there or
> someone
> | > with
> | > | some war stories to share. If I have not been clear enough or I need
> to
> | > | provide more information, I would be happy to. I appreciate any
> | > responses.
> | > | Thanks in advance,
> | > |
> | > | Chris
> | > |
> | > |
> | > |
> | >
> |
> |
> |
>
.
- Follow-Ups:
- Re: Remote Client Configuration
- From: "Charles Yang [MSFT]"
- Re: Remote Client Configuration
- References:
- Remote Client Configuration
- From: Chris Guimbellot
- RE: Remote Client Configuration
- From: "Charles Yang [MSFT]"
- Re: Remote Client Configuration
- From: Chris Guimbellot
- Re: Remote Client Configuration
- From: "Charles Yang [MSFT]"
- Remote Client Configuration
- Prev by Date: RE: Modem Pool
- Next by Date: Re: After installing SP1 on my SBS 2003 server....BSOD
- Previous by thread: Re: Remote Client Configuration
- Next by thread: Re: Remote Client Configuration
- Index(es):
Relevant Pages
|
