Re: Remote Client Configuration



Hi Chris,

Thanks for the quick update.

As far as I know, if you only log on to the domain with cached credentials,
Group Policy will not be updated; instead, it will use the old policy that
was applied last time. There should be no problem, but we suggest you use a
dial-up VPN connection to log on to the SBS domain once in a while for the
Group Policy refresh.

If you create a separate OU for the WSUS user and you want the policy
applied immediately, it is in your best interest to run gpupdate, or the
policy will be applied every 90 min through the slow WAN link to reduce
network traffic. But we do not recommend running WSUS policy through the WAN
link; it might cause a lot of network traffic, and it may encounter some
unexpected network errors when doing updates. (Please note that if a slow
link is detected, some of the policy will not be applied immediately; instead,
it will be applied after the user logs on, in order to shorten the logon
process. You can also run gpupdate to force the new policy to apply.)

For your last question, I think it is in your best interest to have all the
laptops connect to the SBS domain first; currently we have no better
workaround. I am sorry for any inconvenience.

I hope the above information is helpful; please feel free to post back if you
have any further concerns. I am glad to be of assistance.



Best regards,

Charles Yang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
| From: "Chris Guimbellot" <cguimbellot@xxxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <uF62xLd9FHA.2176@xxxxxxxxxxxxxxxxxxxx>
|  <00CTomj9FHA.4000@xxxxxxxxxxxxxxxxxxxxx>
|  <ul6lALw9FHA.2816@xxxxxxxxxxxxxxxxxxxx>
|  <2tNGRIx9FHA.1236@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Remote Client Configuration
| Date: Fri, 2 Dec 2005 02:53:04 -0500
| Lines: 531
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| Message-ID: <uDiiuVx9FHA.500@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: mail.bookroomsnow.com 71.16.180.114
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:227246
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Charles,
|
| Once again, thanks for your response. I will look at these profile and
| offline file issues. It looks like they are going to have to log into the
| network using dial-up at least every once-in-a-while to get the profile and
| GPO settings up to date. You also mentioned that if "logon is done with
| cached credentials, and then a remote access connection is established,
| Group Policy is not applied during logon". Does that mean that no group
| policy is applied, or just the policy that goes into effect when the user
| logs onto the domain? I.e., if I create a separate OU for remote users for
| WSUS (to have them log straight into the Windows Update server instead of my
| local WSUS), will those settings filter down to the notebooks if they are
| VPN'ed in for enough time (the 90 minutes plus offset time) or if they run
| gpupdate? I am just trying to figure out how much management I can get on
| these remote clients.
|
| In regards to the initial setup, I am thinking that they will have to send
| the laptops in so I can get the initial configurations done. Is this
| correct? If so, it will be a pain, but I guess that's all there is to it.
|
| I appreciate the continued help. Thanks again,
|
| Chris
|
| ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:2tNGRIx9FHA.1236@xxxxxxxxxxxxxxxxxxxxxxxx
| > Hi Chris,
| >
| > Thanks for the detailed updates.
| >
| > From your description, it seems you want to know if it is possible to join
| > the client computer to the SBS domain via the Connect Computer wizard
| > remotely. After confirming with our SP, I am sorry for some wrong
| > information: you have to put the laptop on the local network and then join
| > it to the SBS domain. Next time you can log on to the SBS domain with your
| > current user name and password; this should be a cached-credential logon,
| > which will enable the remote user to log on to the SBS domain without a DC
| > present.
| >
| > It seems you also have some concerns about the GPO update issue and the
| > roaming profile update issue. Let me clarify the issue. The roaming
| > profile is stored on the SBS server instead of on each client computer, so
| > it is convenient for the administrator to back up and manage the profile.
| > When you log on to the SBS domain but are not within the SBS local network
| > or connected via a dial-up VPN connection, you will use a local copy of the
| > roaming profile in the temp folder.
| >
| > When the logon is done with cached credentials, and then a remote access
| > connection is established, Group Policy is not applied during logon. For
| > example, if users connecting through a VPN connection are logging in via
| > cached credentials, folder redirection settings will not be processed,
| > because folder redirection policy can only be processed at user logon, not
| > in the background refresh.
| >
| > For the group policy issue, we suggest you refer to the following KB
| > articles; they will help you understand the issue more clearly:
| >
| > 227260 How a Slow Link Is Detected for Processing User Profiles and Group
| > Policy
| > http://support.microsoft.com/?id=227260
| >
| > 227369 Default Behavior for Group Policy Extensions with Slow Link
| > http://support.microsoft.com/?id=227369
| >
| > 842007 You experience synchronization problems if you do not disable the
| > cache
| > http://support.microsoft.com/?id=842007
| >
| > So the user's roaming profile will only be synced when using a dial-up VPN
| > connection or when connected to the local network. But you do not need to
| > worry about that; everything, including the GPO and profile, will be
| > updated then.
| >
| > The offline folder is different from the roaming profile: it can be synced
| > any time the shared folder is available to the remote computer.
| >
| > I hope the above information is helpful for your issue. I am glad to be of
| > assistance. Sorry for any inconvenience.
| >
| >
| >
| > Best regards,
| >
| > Charles Yang (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > --------------------
| > | From: "Chris Guimbellot" <cguimbellot@xxxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <uF62xLd9FHA.2176@xxxxxxxxxxxxxxxxxxxx>
| > |  <00CTomj9FHA.4000@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: Remote Client Configuration
| > | Date: Fri, 2 Dec 2005 00:39:21 -0500
| > | Lines: 286
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| > | X-RFC2646: Format=Flowed; Original
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| > | Message-ID: <ul6lALw9FHA.2816@xxxxxxxxxxxxxxxxxxxx>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: mail.hospitality-international.com 71.16.180.114
| > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| > | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:227224
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Charles,
| > |
| > | Thanks for the response, my replies are below. Also, I wanted to let you
| > | know that I have a notebook here that is configured just as my traveling
| > | employees and is not connected to the physical LAN in the office (I am
| > | using Verizon too), so I can simulate the changes we try without wasting
| > | my guys' time.
| > |
| > | > Before we go any further, we need to know how you plan to connect the
| > | > remote computer to SBS 2003 domain via VPN connection after the remote
| > | > user logon the remote computer locally or connect the SBS domain via
| > | > dial in VPN connection when user logon to the remote computer.
| > |
| > | > Here I assume that you want to use a dial in VPN connection to connect
| > | > the remote computer with SBS local network.
| > |
| > | Actually, my users currently connect by logging on to the computer (with
| > | the domain listed in the "Log in to:" drop-down on the login screen), but
| > | not clicking on the "Log on using dial up connection". They don't
| > | actually connect using the VPN until after they are logged in and have
| > | established their connection to the internet. The reason I have them log
| > | in that way is so they don't have to have an internet connection to use
| > | their computers. I like for them to be able to get to those offline
| > | folders and use the software without having to log in over that slow
| > | connection. They only log in when it is time to synchronize their offline
| > | files or their email with the Exchange server.
| > |
| > | That said, most of your solutions don't apply to me (at least I think),
| > | unless there is a way to update group policy, roaming user profiles, etc.
| > | after establishing the VPN connection.
| > |
| > | > If so the steps you mentioned first is right on target you can follow
| > | > that steps to join the remote computer to SBS domain. For your concerns
| > | > about the question, please refer to my answer one by one:
| > |
| > | I don't think that the Network Configuration website would work to
| > | connect to the network (either for logging into the network using "log on
| > | using dial-up networking" or logging in locally then establishing the
| > | VPN). The reason I say that is because when I logged in to a test
| > | notebook then established the VPN, when I tried to run the Network
| > | Configuration website, I received the following error: "The Small
| > | Business Server Network Configuration Wizard will only run over a Local
| > | Area Network connection. Deactivate any dial-up or virtual private
| > | network (VPN) connections, connect the client computer to the server
| > | using a Local Area Connection, and try again."
| > |
| > | That said, how should I have them join the network? I tried to change
| > | the network under "Computer Name Changes" after logging in to the VPN,
| > | and it worked. The problem is that when I tried to log back in, it would
| > | not let me into the domain because it could not find my user account.
| > | Then, when I tried to change the Log on to dropdown to the local
| > | computer, it gets this box that says "Please wait while the domain list
| > | is created" and it takes forever to go away.
| > |
| > | The only way I think I would be able to get around that would be to have
| > | them log in using a dial-up connection, but then it would have to dial
| > | Verizon, then the VPN. It seems like at that point it would be getting
| > | too complicated for me to guide my user through over the phone. What do
| > | you think?
| > |
| > | There is also the "Create Remote Connection Disk". It looks like all that
| > | does is install the "Connect to Small Business Server" VPN-like
| > | connection. This has nothing to do with connecting these computers to the
| > | network, does it?
| > |
| > | One thing I have heard would be a possibility is to have the computer
| > | changed from a domain to a workgroup with the same name. Does that seem
| > | like something that might work here? If so, how does it affect my other
| > | issues?
| > |
| > | > 1. Will the offline files be gone when the user logs back on?
| > | >
| > | > Based on my research, the offline file is not depend on which OS
| > | > system, so if the shared folder is still available on SBS 2003 domain
| > | > which the offline file is enabled when the user log back the offline
| > | > file will not disappear, if not you had to backup the offline file on
| > | > the SBS server or client side first then make it available on a server
| > | > new shared folder.
| > |
| > | It looks that way to me. I will verify when I start getting these clients
| > | on. Thanks.
| > |
| > | > 2. Do they actually need the firewall client if they are never in the
| > | > building?
| > | >
| > | > Firewall client will be useful for the client user as we do not need to
| > | > configure special packet filtering on the ISA server for those client
| > | > computer, they can access the internet through SBS 2003 without any
| > | > problem. But if they do not use the SBS server to access the internet,
| > | > you do not need to install the firewall client. It depends on if you
| > | > want to control the internet connection of remote user.
| > |
| > | Thanks for the explanation. I do not need them to access the internet
| > | through the server. What I will do is install the firewall client on the
| > | users that do come in every few weeks and use their notebooks in the
| > | office so that they won't have any problems.
| > |
| > | > 3. What happens to their current profile when they log onto the new
| > | > network?
| > | >
| > | > As I know, when they log to the new domain, a new profile will be
| > | > created, it will not impact the original profile, however you can use
| > | > the KB article below to restore the user profile and use it on the new
| > | > SBS 2003 domain:
| > | >
| > | > 314045 HOW TO: Restore a User Profile in Windows 2000
| > | > http://support.microsoft.com/?id=314045
| > |
| > | I read the article and it looks easy enough. Thanks.
| > |
| > | > 4. What about Group Policy? I run WSUS and was thinking about creating
| > | > a new OU for the mobile users and setting WSUS to tell them to get
| > | > their updates direct from Windows Update servers.
| > | >
| > | > Generally speaking, as you want to deploy the group policy for the
| > | > remote user, it is possible to do that, due to the network speed issue,
| > | > we suggest you refer to the article below to set a slow link for remote
| > | > computer when deploy group policy, it might reduce the network traffic
| > | > and make the logon process more effectively:
| > | >
| > | > 819108 Settings for minimizing periodic WAN traffic
| > | > http://support.microsoft.com/?id=819108
| > | >
| > | > 811525 Configure Slow Link Speed Group Policy does not force offline
| > | > files to
| > | > http://support.microsoft.com/?id=811525
| > |
| > | Glad you pointed me to this article. From this article as well as my
| > | other research, it looks like no matter whether you log into the domain
| > | or you log into a local profile and connect via the VPN, as long as the
| > | computer is a member of the domain, group policy will refresh. That's
| > | good to know. I guess that I shouldn't even consider configuring these
| > | things in a workgroup setting.
| > |
| > | Also, how can you tell that the slow link is working for the offline
| > | files? It seems that when I connect to the VPN, after a few seconds, I am
| > | working online, then when I disconnect, I am then working offline. I
| > | can't think of a time that when I was on a slow network, it didn't tell
| > | me I was online as long as I was connected to the VPN.
| > |
| > | > 5. What is the difference between Connection Manager and the VPN they
| > | > already have installed?
| > | >
| > | > Both are VPN connection, just as I said the VPN they already installed
| > | > might be a dial in VPN connection, but the connection management should
| > | > be considered as a VPN connection that you can use the remote computer
| > | > to logon locally then establish the VPN connection via the connection
| > | > management. There are not so many difference between them.
| > |
| > | Looks that way to me too. Thanks for the clarification.
| > |
| > | > 6. Should I use Roaming User Profiles like I have for the other users?
| > | > If so, how do they update to the server?
| > | >
| > | > You can use roaming profile, they will update with the server profile
| > | > as the local network user, however if you enable the slow link for
| > | > group policy we may have some special design for sync the profile with
| > | > SBS server for optimize the network traffic on the slow WAN link, you
| > | > can refer to the article below:
| > | >
| > | > 227260 How a Slow Link Is Detected for Processing User Profiles and
| > | > Group Policy
| > | > http://support.microsoft.com/?id=227260
| > |
| > | Thanks, here I learned how to configure the slow link via GPO, a question
| > | I had after reading 811525.
| > |
| > | It seems though that the only way to update the roaming profile is by
| > | logging into the network instead of being able to synchronize. Is there
| > | any way that the users could "upload" or "synchronize" their profiles
| > | with the server without having to log on using a dial up connection?
| > |
| > | > For more information, I suggest you refer to the SBS website for the
| > | > SBS documents about deploying the SBS 2003 domain.
| > | >
| > | This assumes that you log into the domain
| > | > Further information:
| > | >
| > | > When configure SBS 2003 domain, the most effective wizard should be
| > | > CEICW, do not forget to use, it will save you a lot of time.
| > | >
| > | > 825763 How to configure Internet access in Windows Small Business
| > | > Server 2003
| > | > http://support.microsoft.com/?id=825763
| > | >
| > | > Hope the above information helpful enough to your issue. I really
| > | > appreciate your effort on this issue, please feel free to let me know
| > | > the results.
| > |
| > | I appreciate all of your help and look forward to your response.
| > |
| > | Chris
| > |
| > | > | From: "Chris Guimbellot" <cguimbellot@xxxxxxxxxxxxxxxxxxxxxxxxxx>
| > | > | Subject: Remote Client Configuration
| > | > | Date: Wed, 30 Nov 2005 12:24:36 -0500
| > | > | Lines: 53
| > | > | X-Priority: 3
| > | > | X-MSMail-Priority: Normal
| > | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| > | > | X-RFC2646: Format=Flowed; Original
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| > | > | Message-ID: <uF62xLd9FHA.2176@xxxxxxxxxxxxxxxxxxxx>
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | NNTP-Posting-Host: mail.hospitality-international.com 71.16.180.114
| > | > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
| > | > | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:226731
| > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > |
| > | > | Hello,
| > | > |
| > | > | SBS2003, XP clients.
| > | > |
| > | > | I had an SBS2000 network, but recently installed an SBS2003 box and
| > | > | put the old one to bed. The new server has the same server and domain
| > | > | names as the old one did. I was easily able to configure all of the
| > | > | clients for the new network by running the Network Configuration
| > | > | website on the server (http://servername.connectcomputer). Now it is
| > | > | time to set up the remote computers. That is where I am sort of lost.
| > | > | Here is the situation: I have about 7 mobile users (salesmen) using
| > | > | notebooks. They are currently set up to log into the old SBS2K
| > | > | network. They use the internet, OutlookXP for email, and use offline
| > | > | files from departmental folders located on the server. They connect
| > | > | to the server via VPN. My question is, how can I set them up on the
| > | > | new network? They connect via slow connections (Verizon
| > | > | NationalAccess BroadbandAccess). I would think that installing the
| > | > | client apps (namely Outlook 2003 and firewall client) could not work
| > | > | on such a slow connection. That said, here is what I was thinking
| > | > | about doing:
| > | > |
| > | > | 1. Have them uninstall the old firewall client.
| > | > | 2. Have them VPN into the new server using their existing VPN
| > | > | connection.
| > | > | 3. Run the Network Configuration website to join their computer to
| > | > | the domain.
| > | > | 4. Upon restart, have them install Outlook 2003, the new Firewall
| > | > | Client, and the Connection Manager via a CD I send them.
| > | > | 5. Have them install TrendMicro (oh yeah, they will be using
| > | > | TrendMicro CS) from the same CD.
| > | > |
| > | > | Is this the correct way to perform the client setup? I am worried
| > | > | about a few things:
| > | > |
| > | > | 1. Will the offline files be gone when the user logs back on?
| > | > | 2. Do they actually need the firewall client if they are never in the
| > | > | building?
| > | > | 3. What happens to their current profile when they log onto the new
| > | > | network?
| > | > | 4. What about Group Policy? I run WSUS and was thinking about
| > | > | creating a new OU for the mobile users and setting WSUS to tell them
| > | > | to get their updates direct from Windows Update servers.
| > | > | 5. What is the difference between Connection Manager and the VPN they
| > | > | already have installed?
| > | > | 6. Should I use Roaming User Profiles like I have for the other
| > | > | users? If so, how do they update to the server?
| > | > | 7. How many other issues have I not thought of?
| > | > |
| > | > | I am trying to avoid having them send in their notebooks just so I
| > | > | can configure them. There has to be some sort of guide out there or
| > | > | someone with some war stories to share. If I have not been clear
| > | > | enough or I need to provide more information, I would be happy to. I
| > | > | appreciate any responses.
| > | > | Thanks in advance,
| > | > |
| > | > | Chris
| > | > |
| > | > |
| > | > |
| > | >
| > |
| > |
| > |
| >
|
|
|
