Im doing a bit of research at the moment into mandatory profiles and such and wanted to get some input into my situation from you seasoned veterens.
One of my schools is looking into getting rid of the ict suite and all desktop based computers in the school (bar the office obviously) and purchasing around 60 laptops for all school. These will obviously tied to several wireless points strategically placed around the school.
I have been told that using mandatory profiles etc is the best way to go with this kind of setup but i dont see the point? Everything i am being asked to do has already been done by group policies etc, why should i choose to go with mandatory profiles over the usual way im already doing things?
Also my second question is, should i try to stay on the cheap and get wireless points that cost £35 a peice and just place 1 - 2 in each classroom or go for higher end enterprise stuff (Hp ProCurve wireless points etc) as these have better range and can handle more clients etc. We would have to purchase around 15 WAPs if we went cheap to support that many laptops.
Are there any other considerations i should taken into account? amount of time for software installs, msi possible over the wireless network, maintenance, upkeep etc?
if you set up a default local profile on each machine, and just use AD for basic control, and folder redirection etc, then in theory a wireless network would be ok, but vastly inferior to a 'proper' wired solution.
if you go for 'small' portable equipment then chances are the processors will be very poor compared to desktop systems, and the only advantage will be portability. The simple way to look at this is, as we need more and more powerful processors to do run the OS's, each processor will require more and more logic gates within it, each logic gate uses transistors, and as each transistor switches, this consumes power, and thus produces HEAT. And how are you supposed to get rid of this heat in a small device ??
with wired systems you get security, as you have to be plugged into them before you can 'see' the network. With wireless there is poor, and slow connectivity, even with latest 'N' protocol . There are also questions about health associated with wireless networks too.
I would say FIGHT TO KEEP AT LEAST 1 ICT SUITE with desktops,
but if you are outnumbered by gadget greedy idiots, then at least make sure the wireless network is a managed one, and has power switches to turn off the WAPs when they are not in use to cover yourselves. Avoid UMPC's at any cost, and go for good quality laptops with onsite next day warranty, and avoid any laptop that has a touch screen.
Sounds to me that your SMT ar set on reducing your network to a pile of sh1t, but that is just my warped view of the way things are heading for ict in schools.
Wireless in the schools i am at the moment dont seem to distribute msi's through group policy either, though i admit to not looking into this matter further, i presume that it is due to the slower connection. (Please by all means correct me on this!)
Laptops also have issues with keyboard keys going missing (again i presume the kids steal their initials ) and generally laptops having less durability than desktop machines due to the fact they can be moved, need charging and the keyboards have 'steal me' on them somewhere i have never been able to find.
60 laptops for 1-2 cheap wireless access points is also pushing it imo. if i had a choice i would choose wireless switch, decent AP etc.
Anyway they are mostly negative points but all worth consideration.
Moving to laptops over wireless is never a good idea in a school, we have over 400 of them. But if like me you have to do it then mandatory profiles would ease the pain if you cut costs in the wireless network. Spend money on decent wireless kit and well specced laptops and you should be able to keep the roaming profiles.
In addition - you will find that the maintenance costs of laptops is far higher than PCs, you'll spend thousands replacing keyboards, batteries and screens.
No matter how good the kit or wireless network you will never get the same performance than you get from a suite of PCs.
THanks all for your input, you have helped me look at some issues that i wouldnt have thought of, especially the maintenance costs and such.
One thing i want to ask is, if i setup mandatory profiles and stuff so that they cant change their profile or whatever, what about breaking the system like formatting the c: drive and such or deleting files from the c drive.
Obviously these can be sorted by GPO but the head has said she doesnt want me using GPO's.. so im like what should i do then?
OK - How are you expected to implement Mandatory profiles without using GPO?
The only option I see is to edit the Local Profile manually on each laptop which would be easy enough on one then image the remainder but what happens if something needs changing? You will either have to amend each laptop individually or reimage the lot!
Does your head understand what a GPO is?
Does she not realise that without locking things down your students can not only wreck the setup of machines but also install anything leaving your network open to destruction?
In the past I've created local policies on laptops (before imaging) to restrict desktop access when used on a peer networks. Hiding things works fairly well in primary schools it just makes access to them a little more difficult. For instance hide all the control panels, because local policies affect all users including admin you can only hide them, place a shortcut to control panel on the administrators desktop also place a shortcut for your local saved policy before enabling them. Be very careful not to lock yourself out, take an image of the laptop with policies disabled just in case. You can hide drives just the same as you may in AD so your system drive can be hidden from view.
On your SLTs idea of having a wireless setup, not very good really as the TCO is far greater both in support and maintenance/setup. As above try and keep a wired desktop ICT suite then you will always have systems available, the charging requirements of laptops will mean they will not be available all the time, so you'll get less use from them.
Mandatory profiles are preferable to Roaming profiles as they don't ggggggggggggrrrrrrrrrrrrrooooooooooooooowwwwwwwwww wwwww and slow down login times.
You need to sit down with whoever and explain the importance of locking absolutely everything down on the network so that nobody can get into things they shouldn't, and so that nobody can get up to anything they shouldn't
"They wouldn't do that" isn't a valid argument not even in a very 'nice' girls' prep (primary) school like mine... believe me they would and they do!
Yea i setup a profile yesterday on the network and just did a quick test with auto loigin for education city and digital brain which worked fine, so i was like, yea ive played with profiles, i can sort that out easily but we'll still have to use gpo's for things like locking down the start menu and accessing the c drive etc and shes like nope they cant get into it.. i was like.. well how? if it isnt locked down whats stopping them? I think she understands the IDEA of profiles and such but not the actual aspects that go into everything else like protecting the network and such.
I dread having to put wireless keys on each WAP we use and if something happens for the laptops to forget them ill just go nuts