m25man (21st February 2014)
I'm not a fan of RM CC in fact I have only ever removed it from sites and replaced it with vanilla however I'm finalising a network traffic analysis report I did last week where I found that all of the Staff Laptops have been configured as Standalone Workgroup machines in a "Workgroup" whilst everything else is integrated into AD/RM CC4 domain.local
Needless to say its a mess, not having an RM sandbox to refer to I need a few pointers regarding best practise in an RM AD Domain on excluding Staff Laptops from RM Control whilst establishing decent AD management.
I'm assuming we can create an OU outside of the RM scope and block inheritance?
What are the Licensing implications?
Should the site just man up and buy the RM Licenses and let RM look after all devices?
Is it realistic to run a Domain on a 75/25 split of RM and Vanilla laptops?
What makes it worse is that it appears that all Staff have AD/Domain logins for use on the RM devices so separating User/Computers is going to be a challenge.
It appears that a previous NM decided to let all staff have a standalone laptop rather than an RM Managed one, with a local login and admin rights on a workgroup pc, the end result is a mess.
Im guessing this was probably done to save on RM CC Licenses. I can only imagine what state the laptops are in with no central management.
In some ways I can see why he did what he did to isolate them from the CC network, but the side effect of doing so has now caught up with them he has jumped ship and it needs to be brought under control.
To be honest the RM and Classroom PC's are all behaving nicely as expected, its the out of control workgroup machines slowly bringing everything else to its knees!
Just to make it worse, both Admin and Curriculum networks are on completely separate physical networks, but they have the same FQDN and the workgroup machines are allowed to roam freely between them!
Its not my job to fix it, but given the chance I would personally join the LANs with L3 routing consolidate the AD and rip out CC4 altogether but that's my own opinion.
Here I have all the staff laptops as managed CC4 stations that belong to the Personal Registry type. It works well. Staff log in the first time in school and then after that they can log in locally at home. Make them a "priviliged user" in the machines properties in the RMMC if you want the to have local admin rights.
As you said "RM and Classroom PC's are all behaving nicely as expected". You dont have to purchase all of RM's services at the end of the day just make it one network by adding the staff laptops into CC4. Life will be so much easier I think if you can rebuild them onto the CC4 network.
Last edited by ReverentCreature; 21st February 2014 at 01:06 PM.
m25man (21st February 2014)
There are currently 1 users browsing this thread. (0 members and 1 guests)