+ Post New Thread
Results 1 to 15 of 15
Windows 7 Thread, group policy to make teachers bring in laptops in Technical; Im looking for a solution to make teachers bring in the laptops that have been given to them, looking at ...
  1. #1

    Join Date
    May 2013
    Posts
    15
    Thank Post
    1
    Thanked 1 Time in 1 Post
    Rep Power
    0

    group policy to make teachers bring in laptops

    Im looking for a solution to make teachers bring in the laptops that have been given to them, looking at once a term and as they have vpn kms 180 days is no good. Reason being we want to make sure they stay upto date ect and over vpn there a lot harder to manage.

  2. #2

    Join Date
    Jul 2009
    Posts
    567
    Thank Post
    46
    Thanked 106 Times in 91 Posts
    Rep Power
    68
    Disable the computer accounts in AD?

    This would prevent domain account logons, but not sure about local users though.

  3. #3

    Join Date
    May 2013
    Posts
    15
    Thank Post
    1
    Thanked 1 Time in 1 Post
    Rep Power
    0
    It would work but i would have to check which computers to disable ect, looking for a automated process and if they dont use vpn they wont even notice.

  4. #4
    MordyT's Avatar
    Join Date
    Sep 2012
    Location
    In a computer
    Posts
    486
    Thank Post
    44
    Thanked 74 Times in 69 Posts
    Rep Power
    21
    A group policy change on those PCs to who is allowed to logon to the PCs (make a separate local group if you want this to be offline workable, this can be done with GPO as well). A scheduled task that runs every x days on the PC to remove all users from that group. They bring it in, you re-add them to the local allowed group.

  5. #5
    free780's Avatar
    Join Date
    Sep 2012
    Posts
    1,013
    Thank Post
    42
    Thanked 84 Times in 80 Posts
    Rep Power
    22
    A scheduled task the logs off the laptop if it cant ping the default gateway of your school. With a message about bringing it in. If you wan't to updates. You can have a wsus server facing outward, just configure it to obtain updates from windows update but you approve which ones. or better still SCCM with a external facing DP,SUP.

  6. #6
    jamesbmarshall's Avatar
    Join Date
    Feb 2010
    Location
    Reading, UK
    Posts
    533
    Thank Post
    26
    Thanked 232 Times in 162 Posts
    Rep Power
    87
    Quote Originally Posted by t21drl View Post
    Im looking for a solution to make teachers bring in the laptops that have been given to them, looking at once a term and as they have vpn kms 180 days is no good. Reason being we want to make sure they stay upto date ect and over vpn there a lot harder to manage.
    Rather than force them to come back, why not look at managing them with Windows Intune in conjunction with SCCM? That way as long as they're online you can make they get the updates they need.

  7. #7
    nicholab's Avatar
    Join Date
    Nov 2006
    Location
    Birmingham
    Posts
    1,506
    Thank Post
    4
    Thanked 98 Times in 94 Posts
    Blog Entries
    1
    Rep Power
    52
    You can some stuff with maraki.

  8. #8

    Join Date
    May 2013
    Posts
    15
    Thank Post
    1
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by free780 View Post
    A scheduled task the logs off the laptop if it cant ping the default gateway of your school. With a message about bringing it in. If you wan't to updates. You can have a wsus server facing outward, just configure it to obtain updates from windows update but you approve which ones. or better still SCCM with a external facing DP,SUP.
    Thats something i can look into as we manage more or less everything with SCCM already so shouldn't be too much more work.

  9. #9
    robjduk's Avatar
    Join Date
    Jun 2011
    Posts
    450
    Thank Post
    15
    Thanked 67 Times in 52 Posts
    Rep Power
    22
    I have not set it up yet but believe direct access allows you to update them from afar.

  10. #10
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    807
    Thank Post
    83
    Thanked 132 Times in 115 Posts
    Blog Entries
    8
    Rep Power
    32
    When I read the thread title group policy to make teachers bring in laptops I thought it would be awesome to be able to use GPO to control user's behavior. Man, the custom templates I would write for some people...

    Anyways, how are your updates pushed out? I recently started using Local Update Publisher in conjunction with WSUS to push things like Flash, Java, Chrome, etc. It has been working great, but a lot of my users will take their laptops home over extended breaks and by the time they come back the machine is horribly out of date. I was thinking about making my WSUS server public facing, or at least forwarding the ports needed to make WSUS work. We own the outside domain name that matches our internal domain, so I could call out to WSUS in GPO by the full name (http://wsus.ourdomain.com) and it would resolve correctly on both the outside and inside. I haven't gotten to trying this yet, but it looks doable.

  11. #11

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,726
    Thank Post
    667
    Thanked 1,638 Times in 1,463 Posts
    Rep Power
    424
    Directaccess if your o/s versions support the latest ver as it's awesome they are connected to the domain as if they are still internally plugged in so it's much better than a dialup vpn type connection all updates and remote access tools will work just they would for a fixed desktop.

    Ben

  12. Thanks to plexer from:

    TheScarfedOne (5th August 2014)

  13. #12

    Join Date
    Apr 2008
    Posts
    64
    Thank Post
    10
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    Quote Originally Posted by jamesbmarshall View Post
    Rather than force them to come back, why not look at managing them with Windows Intune in conjunction with SCCM? That way as long as they're online you can make they get the updates they need.
    This would be nice - just wish Intune pricing was a little less expensive (200 devices at ~£10/yr each last time I checked?).

    +1 for the DirectAccess suggestion though, works pretty well assuming they have a reasonable home internet connection!

  14. #13
    jamesbmarshall's Avatar
    Join Date
    Feb 2010
    Location
    Reading, UK
    Posts
    533
    Thank Post
    26
    Thanked 232 Times in 162 Posts
    Rep Power
    87
    Quote Originally Posted by itwasntme View Post
    This would be nice - just wish Intune pricing was a little less expensive (200 devices at ~£10/yr each last time I checked?).
    Check again!

    I believe the pricing is somewhere in the region of $6 per staff member per year for education, but you should speak to a licensing re-seller for a quote.

  15. Thanks to jamesbmarshall from:

    TheScarfedOne (6th August 2014)

  16. #14

    Join Date
    Apr 2008
    Posts
    64
    Thank Post
    10
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    Quote Originally Posted by jamesbmarshall View Post
    Check again!

    I believe the pricing is somewhere in the region of $6 per staff member per year for education, but you should speak to a licensing re-seller for a quote.
    The price I have just had back this morning is £8.46 per user per year - too expensive in my opinion (200+users), but could be an option for devices we can't use DirectAccess with.

  17. #15

    Join Date
    Dec 2009
    Posts
    270
    Thank Post
    6
    Thanked 33 Times in 31 Posts
    Rep Power
    15
    You could use Orchestrator to check the last logon attribute of every PC and if the value is >X then disable the account.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 13
    Last Post: 27th May 2010, 11:04 AM
  2. Group policy to redirect desktop
    By srochford in forum Windows
    Replies: 12
    Last Post: 19th January 2010, 02:50 PM
  3. Cannot get group policy to apply
    By flexyjerkov in forum Windows
    Replies: 18
    Last Post: 8th March 2007, 03:42 PM
  4. Group Policy guidelines needed for students in years 3 - 6
    By richard in forum Wireless Networks
    Replies: 6
    Last Post: 8th March 2007, 01:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •