+ Post New Thread
Results 1 to 13 of 13
Windows Thread, How do you handle home directories on Laptops? in Technical; For as long as I can remember we've been using Offline Files on their home directories meaning when they log ...
  1. #1
    Sam_Brown's Avatar
    Join Date
    Sep 2009
    Location
    Northampton
    Posts
    594
    Thank Post
    100
    Thanked 42 Times in 40 Posts
    Rep Power
    19

    How do you handle home directories on Laptops?

    For as long as I can remember we've been using Offline Files on their home directories meaning when they log on of off the laptop automatically "synchronise" their home areas with the file server.

    This used to work quite well but over the last few years as home areas have grown some people are having to wait 10-15 minutes every logon and logoff while their home are synchronises.

    I was just wondering how other people handle staff home directories on laptops and manage to keep logon and logoff times low?

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,252
    Thank Post
    898
    Thanked 1,785 Times in 1,537 Posts
    Blog Entries
    12
    Rep Power
    463
    Are you still on XP? On Windows 7 it does it in the background.

  3. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,247
    Thank Post
    882
    Thanked 2,745 Times in 2,319 Posts
    Blog Entries
    11
    Rep Power
    785
    Quote Originally Posted by FN-GM View Post
    Are you still on XP? On Windows 7 it does it in the background.
    plus one, Offline files in Vista, 7 and 8 are way better. It's been forever but there may be an option in GPO for XP to not perform a full sync each time. We had users running alright with 80GB of files in this configuration but the offline file sync did take a while in the background.

    With 7 I think the biggest I've come accross is 200GB via offline files.

  4. #4
    Sam_Brown's Avatar
    Join Date
    Sep 2009
    Location
    Northampton
    Posts
    594
    Thank Post
    100
    Thanked 42 Times in 40 Posts
    Rep Power
    19
    Windows XP although moving to Windows 7.

    It may be quicker on Windows 7. I will investigate when we get there. However I imagine the initial "sync" on 200gig is still likely to take some time!

    Other solutions I've heard include...

    * Everything is saved locally and users can run a batch file to "back up" their data to the server.
    * Users have a folder within their homearea they can copy files to they want to work offline. Anything within that folder gets sync'd. Anything outside gets saved on the server only.
    * No home areas whatsoever out of work and the only way to access their files is via remote access to the school resources.

    Anyone use any of the above at all? I'm not particarily sold on any of them. Offline Files seems to be the ideal way to do things although have issues with time spent synching at the moment.

  5. #5
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,909
    Thank Post
    954
    Thanked 451 Times in 380 Posts
    Blog Entries
    12
    Rep Power
    93
    We just have a remote access server they can login to anytime.

    No need for synced copies when its basically in the cloud from anywhere with an internet connection.

  6. #6

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,252
    Thank Post
    898
    Thanked 1,785 Times in 1,537 Posts
    Blog Entries
    12
    Rep Power
    463
    Quote Originally Posted by zag View Post
    We just have a remote access server they can login to anytime.

    No need for synced copies when its basically in the cloud from anywhere with an internet connection.
    With offer that as well as offline files. If you dont have an internet connection for whatever reason you can carry on working "Offline".

  7. #7

    Ephelyon's Avatar
    Join Date
    Aug 2008
    Location
    Cheshire, England
    Posts
    1,747
    Thank Post
    312
    Thanked 359 Times in 220 Posts
    Rep Power
    148
    We use HAP+ for remote access to files coupled with RDWeb for remote access to apps to work with them.

    I also share the local user's home area and then map it back while on the network as \\127.0.0.1\LocalWork (hidden by a custom label) so they can access work they've saved locally while still on the network, avoiding the need to switch user.

  8. #8

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,252
    Thank Post
    898
    Thanked 1,785 Times in 1,537 Posts
    Blog Entries
    12
    Rep Power
    463
    Quote Originally Posted by Ephelyon View Post
    We use HAP+ for remote access to files coupled with RDWeb for remote access to apps to work with them.

    I also share the local user's home area and then map it back while on the network as \\127.0.0.1\LocalWork (hidden by a custom label) so they can access work they've saved locally while still on the network, avoiding the need to switch user.
    Why would you have 2 accounts? Why not use cached credentials when using the laptop at home?

  9. #9

    Ephelyon's Avatar
    Join Date
    Aug 2008
    Location
    Cheshire, England
    Posts
    1,747
    Thank Post
    312
    Thanked 359 Times in 220 Posts
    Rep Power
    148
    ... security. Gaining local admin access to a single laptop means you have compromised one workstation in one place which is largely just a node to interface with the main system, but gaining access to locally-cached credentials would mean an attacker could log into our remote access system at 4am and start fiddling with things, stealing or deleting data. Our defences are robust and our backup/DR facilities are strong, but the more remote access possibilities you provide (which is brilliant for productivity), the more risk of compromise.

    Same with Offline Files; our data is a critical asset and should be stored in one place, locked by heavy doors and yada-yada-yada. Naturally it can be accessed from anywhere, but physically it needs to stay put.
    Last edited by Ephelyon; 16th April 2013 at 07:06 PM.

  10. Thanks to Ephelyon from:

    zag (19th April 2013)

  11. #10

    Join Date
    Apr 2013
    Location
    Lincolnshire
    Posts
    162
    Thank Post
    4
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Cisco VPN for us offline files has always been a nightmare at least this way they just go home connect to there own internet and VPN in.

  12. #11
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,318
    Thank Post
    54
    Thanked 172 Times in 152 Posts
    Rep Power
    50
    VPN only here. If you want to save on your desktop/My docs thats fine but staff are aware that its not backed up. Most prefer to use the VPN as they have access to all the curriculum software.

    Matt

  13. #12

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,252
    Thank Post
    898
    Thanked 1,785 Times in 1,537 Posts
    Blog Entries
    12
    Rep Power
    463
    Quote Originally Posted by Ephelyon View Post
    ... security. Gaining local admin access to a single laptop means you have compromised one workstation in one place which is largely just a node to interface with the main system, but gaining access to locally-cached credentials would mean an attacker could log into our remote access system at 4am and start fiddling with things, stealing or deleting data. Our defences are robust and our backup/DR facilities are strong, but the more remote access possibilities you provide (which is brilliant for productivity), the more risk of compromise.

    Same with Offline Files; our data is a critical asset and should be stored in one place, locked by heavy doors and yada-yada-yada. Naturally it can be accessed from anywhere, but physically it needs to stay put.
    Locally Chached credentials are encrypted..... There is no security risk.

  14. #13

    Ephelyon's Avatar
    Join Date
    Aug 2008
    Location
    Cheshire, England
    Posts
    1,747
    Thank Post
    312
    Thanked 359 Times in 220 Posts
    Rep Power
    148
    I can't agree - largely because I've recovered them myself in the past.

    Network Password Recovery Wizard: recovering domain cached credentials

    This goes into it in more detail (albeit from the point of view of one piece of software) but the top and bottom of it is that they can be brute-forced just like any other hash (salted or otherwise). Naturally how feasible that would be time-wise depends on how secure the passwords are in the first place... but let's consider the sector we work in...

    However, there is one advantage in that we use full-disk encryption on our laptops. But two further problems remain:

    1) I have literally had a user get annoyed with entering a boot password, download the tool we use and physically remove the encryption. Naturally this was dealt with but not before it had been unencrypted for months;
    2) Theft isn't the only way an attacker might come into contact with encrypted data - see this: Schneier on Security: "Evil Maid" Attacks on Encrypted Hard Drives



SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 5
    Last Post: 28th April 2010, 09:59 AM
  2. How do you handle student owned laptops?
    By mctnguy in forum How do you do....it?
    Replies: 19
    Last Post: 3rd March 2010, 12:49 PM
  3. Work@home rights - how do you handle installation?
    By pete in forum School ICT Policies
    Replies: 7
    Last Post: 28th August 2009, 01:19 PM
  4. How do you back up DATA on OS X
    By HodgeHi in forum Mac
    Replies: 5
    Last Post: 20th October 2008, 08:57 AM
  5. How do you insert a formulae on open office
    By stu in forum How do you do....it?
    Replies: 4
    Last Post: 1st April 2008, 12:47 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •