+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
Network and Classroom Management Thread, Putting Staff Laptops Onto Domain in Technical; How many of you have staff laptops on the domain? Thinking maybe this would be the best bet. The school ...
  1. #1
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25

    Putting Staff Laptops Onto Domain

    How many of you have staff laptops on the domain?

    Thinking maybe this would be the best bet.

    The school now want us to put impero onto staff laptops, for esafey

    Now putting this on staff laptops, will require us to keep the latest version installed, which we normally do through active directory, using a msi.

    Defo needs to stay update, because we are using version 3, we at the moment is in devlopment at release candiate.


    Now that advantages of putting the laptops on the domain is good

    - wsus will work on, so the laptops 'SHOULD' say update
    - can deploy the newest flash, shockwave, adobe reader, java , impero, smartbord, interwrite, anything msi
    - can get the staff work backup, using offline files to their netowork folder?, has none of them backup

    Disavantages


    - when we deploy newer versions, staff will have to wait for it to all install
    - when the wsus updates the laptop, teacher may have to restart there laptop

    both advantage and disavantage

    - Staff has restrictions what they can do with active directory, so they will not be able to install any software without us installing it for them, so they cant install alot of rubbish on their laptop, which may cause us more work, which also mean if they can logon to there laptop at home, they can unselect the proxy settings, which mean they c ant get on the internet


    Not sure stuff

    How will the teacher be able to logon to the laptop at home?
    Currentlly staff and students have mantory profiles, which are set to remove when they logoff, to stop the annpoying, cant load profile service error when they logon (Only set this for windows 7 atm)
    Last edited by pritchardavid; 15th May 2010 at 09:12 PM.

  2. #2

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,103
    Thank Post
    1,431
    Thanked 1,693 Times in 1,266 Posts
    Blog Entries
    2
    Rep Power
    364
    I DONT have them on the domain for the fact that they get annoyed when they go home and have no access to H:\ and U:\ etc.

    However I am going to change that when I get my new Staff server!

  3. #3


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,211
    Thank Post
    218
    Thanked 812 Times in 694 Posts
    Rep Power
    274
    you could always make the pc a domain member but create a local profile and block network logon so staff cant get to their network user area (or can if you map it on the local profile)

  4. #4
    p858snake's Avatar
    Join Date
    Dec 2008
    Location
    Queensland
    Posts
    1,487
    Thank Post
    37
    Thanked 175 Times in 151 Posts
    Blog Entries
    2
    Rep Power
    50
    You could do cache profiles so they logon with out being connected (might need to do some loopback and inheritance rules for that).

    For the software installation being both a disadvantage and advantage, if you wanted you could use restricted groups and make them local admins of their machines. As for the proxy, there is a few proxy switching apps floating around as well (or you could convert them to firefox, or set your servers to give it out automatically with dhcp requests so you don't need to define it).

    You should be able to tell the local update service to get the updates then not to install them till the system is shutdown/restart and then if they are done regularly enough there won't be many to apply when they do so it won't take that long.

    Also as a bonus tip, if you have a habit of teachers leaving their laptops at home, you could set up a key server and make the machines request the keys every so often (say 30 days, so once a month).

  5. #5

    Join Date
    Aug 2008
    Location
    Northwest
    Posts
    79
    Thank Post
    1
    Thanked 10 Times in 10 Posts
    Rep Power
    13
    Had the same problem a few years ago and after trying a few different ways (switching to roaming profiles for staff etc) settled on making staff laptops dual-boot.

    There are two installs of XP on each laptop, one on the domain to use at school (which gets updates etc) and the other one not on the domain but frozen, which teachers use at home. Neither partition can access/see the other and documents are synchronised via a third partition. It works well and the laptops don’t cause us half the work they used to.

  6. #6

    Little-Miss's Avatar
    Join Date
    Oct 2007
    Location
    Birmingham
    Posts
    5,353
    Thank Post
    2,330
    Thanked 623 Times in 419 Posts
    Blog Entries
    2
    Rep Power
    508
    I have a local login and domain login. I don't know if im gonna keep it that way though.....i cant decide.

  7. #7
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    Quote Originally Posted by nephilim View Post
    I DONT have them on the domain for the fact that they get annoyed when they go home and have no access to H:\ and U:\ etc.

    However I am going to change that when I get my new Staff server!

    New staff sever?

    What that extually gonna do then?


    Some intresting ideas there, have to talk to the boss about getting the laptops on the domain, see what he thinks

    Maybe let them have a local admin account or a restricted one, with maybe some local group policy restrictions (can these restrictions be copied easy to other computers?), and also the laptop would be mapped with there network drive which is also offline, so there files are backup on our server

    (No teachers are doing backups, it it has become a problem, of some losing work now, hense one of our secience teacher lost all there work because the hard drive went fault, and we have tried every way to get the work back, but its impossible)

    But on windows 7, I dont know how to back the logon screen to default to a local account, is that possible (Know it was on windows xp, because I have done that before)
    Last edited by pritchardavid; 16th May 2010 at 12:08 PM.

  8. #8

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,714
    Thank Post
    269
    Thanked 1,116 Times in 1,012 Posts
    Rep Power
    345
    I would personally keep them off the domain. You can then just have an image that any problems you just reimage. I would then setup a systems like we have been discussing here for little miss and remote access. They can then securely use your systems inside school without the need for data to be taken out of school.

  9. #9


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,211
    Thank Post
    218
    Thanked 812 Times in 694 Posts
    Rep Power
    274
    Quote Originally Posted by p-dave View Post
    New staff sever?

    What that extually gonna do then?


    Some intresting ideas there, have to talk to the boss about getting the laptops on the domain, see what he thinks

    Maybe let them have a local admin account or a restricted one, with maybe some local group policy restrictions (can these restrictions be copied easy to other computers?), and also the laptop would be mapped with there network drive which is also offline, so there files are backup on our server

    (No teachers are doing backups, it it has become a problem, of some losing work now, hense one of our secience teacher lost all there work because the hard drive went fault, and we have tried every way to get the work back, but its impossible)

    But on windows 7, I dont know how to back the logon screen to default to a local account, is that possible (Know it was on windows xp, because I have done that before)
    edit the local gpo computer config\admin templates\system\logon assign a default domain for logon and input the pc name. though im wondering if you could put localhost or something there

  10. #10

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    10,405
    Thank Post
    1,106
    Thanked 2,094 Times in 1,474 Posts
    Rep Power
    651
    In one school they are on the domain since last summer - they log on exactly the same at home and everything synchronises when they log back on to the domain. We used to have a lot of problems with staff losing their work, loading their laptops with absolute rubbish and putting all sorts of odd software on - but now they don't have the permissions to do it. I thought there would be screams of anguish but no, I have had almost no issues at all.
    In the other school, they have the choice of being on the domain or not and so I still have the issues with losing work when hard drives go, or they delete stuff, but slowly they are learning that if they log on to the domain, their work is a lot safer!

  11. #11

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,020
    Thank Post
    212
    Thanked 1,164 Times in 758 Posts
    Blog Entries
    4
    Rep Power
    481
    I've always had staff laptops on the domain - subject to the same restrictions and policies as their desktops (with the exception of redirected start menus/desktop/etc)

    That means no installing software, no admin privileges and all the locks they're used to.

    Was incredibly unpopular to begin with, but once people understood the reasoning it was fine - a few actually commented about how they stayed quick for much longer than when they had full control (funny that...)

    I don't think there's any reason for them to be installing their own software - you never know where it comes from our what it does, so how can you stay secure and licence compliant?

  12. #12

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,103
    Thank Post
    1,431
    Thanked 1,693 Times in 1,266 Posts
    Blog Entries
    2
    Rep Power
    364
    Staff are on Windows 7, New staff server will be 2008R2...currently its 2003R2, so I cant apply proper GPOs without serious editing, and I cant add mandatory profiles etc (which is really going to annoy the staff!!!!).

    We will be keeping the old one for SIMS and file storage only
    Last edited by nephilim; 16th May 2010 at 08:52 PM.

  13. #13
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    39
    Its very easy really. You join them to the domain but you don't heavily restrict them in any way (Machine OU using GP loopback processing). You do Mydocs folder redirection and use a local profile and by default when they go home they still have access to their mapped home drive albeit by synchronization. One problem might be proxy settings but if you have your network setup to automatically apply proxy settings via dhcp and dns then when they go home they will get internet access whatever ISP they have. Group policy processing also plays a role here as you don't want the user logging onto a PC within school with the same relaxed policy.

  14. #14
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    Ok know this thread is old

    But just started to do some work on this (Totally forgot about trying this out)


    Ok what I have done


    Had a vista teacher's laptop that had to be reloading due to some problems

    Imaged the laptop with windows 7

    On the image I have a local man profile

    I have blocked the staff laptop OU that I just created, so it doesnt get any other policy

    Staff still have their restructions they have on desktop (basiclly nearly the same has students)

    Profile will be cached on the laptop

    Setup the offline files:

    Administratively assigned offline files - Enabled, set to mapped 'O:\' Network Drive

    Allow or Disallow use of the Offline Files feature - Enabled


    Anything I missed out here?

    Staff cant get to control panel, has I blocked this, anyway they can get to the sync panel to check, or do you think that is not needed?


    I like the idea of making then you remote desktop to the school (we have that running anyway)

    Only thing I'm thinking is that what about if some of the staff dont have Internet at home or their Internet goes down and they cant do work because of that



    Ok some questions


    When they get home will they still have all the restrictions that was set from group policy? Is all the setting saved/cached in the profile?
    Also what about the mapped drive?

    Or will I have to find the registry keys and set them to load when they log in?



    Suppose I best set up a laptop and bring it home to complety test it out

  15. #15

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,692
    Thank Post
    824
    Thanked 2,570 Times in 2,187 Posts
    Blog Entries
    9
    Rep Power
    731
    @p-dave - use unc paths instead as these stick much better becaues they don't rely on the mapping being established before sync.

    They should still be able to get to the sync pannel by rightclicking the systemtray icon or using Windows key + X then selecting sync center.

    The policy should still be applied even if offline and cached.

    You could look at DirectAccess if you are up for setting it up then the staff would be connected even while at home.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Staff Laptops
    By napsburypark in forum Network and Classroom Management
    Replies: 7
    Last Post: 20th April 2010, 04:22 PM
  2. using staff laptops on and off a domain. How?
    By reggiep in forum Windows
    Replies: 9
    Last Post: 18th November 2009, 10:53 AM
  3. Staff Laptops and Local / Domain Accounts
    By neilault in forum How do you do....it?
    Replies: 1
    Last Post: 13th October 2009, 08:05 PM
  4. Staff Laptops
    By Dafty in forum Hardware
    Replies: 24
    Last Post: 9th March 2009, 08:01 PM
  5. BSF and staff laptops?
    By tosca925 in forum BSF
    Replies: 1
    Last Post: 11th August 2007, 12:42 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •