Windows Thread, Allowing school laptops to be used outside the network? in Technical; I have seen topics with mention of this on here and very mixed views but with a new batch of ...
10th January 2012, 09:58 AM #1
Allowing school laptops to be used outside the network?
I have seen topics with mention of this on here and very mixed views but with a new batch of CLT laptops coming very soon and the increasing requests for them to be able to use them both in school and on their networks at home I was wondering what the best method is. We currently operate a policy of a device used in school on the network remains on the network, if a staff member wants to use it on their home network then it shall be removed from ours permantly or until we have checked it over before allowing it back on.
We also currently use Sophos and although im yet to read much into it would Sophos NAC be able to assist this task? I'm also yet to look into offline documents but its something which would be really useful to staff, if anyone has any advice or genral things to look out for then please let me know as this would be great!
IDG Tech News
10th January 2012, 10:55 AM #2
Regards Sophos, you can configure it so that if the device is not attached to the network it will seek out a secondary - in this case on-line - location from which to obtain its updates.
10th January 2012, 10:59 AM #3
The majority of mine are off the network. When i have tried to set them up like that ive not had much luck (my fault probably!). Sophos seems to do its job, but then i think a lot of our staff use them more at home then in school anyway as they have PCs in there rooms.
Do your staff move around a lot?
10th January 2012, 11:23 AM #4
We have always kept ours off the network as most teachers want to do their own thing with them, they can always get to their work via remote access either in the school or out of the school.
I do find that laptops are a good way of pushing the latest applications out to the teachers first before introducing them on the network as this gives the staff time to adjust to the differences from the older apps.
It has worked for us for the past 8 years and continues to work very well, not much to do with them except image beforehand and then when they come back after the installation of everything off the net we just rebuild from image, update and then re-image ready for the next time. Build is Windows 7, Office 2010 with Microsoft Essentials as the AV and malware manager. Any other packages which they use in the line of their duty is installed and that's it.
It works just fine for them and they appreciate the fast turnaround.
Unfortunately as from last year the school policy is "No more laptops for Teachers or other Staff" in future they have to purchase their own.
Thanks to bossman from:
ste1988 (10th January 2012)
10th January 2012, 11:28 AM #5
Ours are on the domain and staff are free to take them home. We have McAfee which will happily sit working away with a virus installed anyway 8(. We have recently re-imaged every laptop with windows 7 enterprise with the intention of making use of encryption school wide.
10th January 2012, 11:34 AM #6
For our domain laptops that leave school we use Sophos with a secondary online server (no proxy) so it can update at home. We also have them set up with offline files so staff can work at home on their work which then syncs with the servers when coming back to school, and we have TrueCrypt installed for encyrption of any machine that leaves school.
So far we've not had many problems virus wise, and offline files works well (as long as you don't sync your network shares).
10th January 2012, 11:36 AM #7
They arn't moved around alot no but staff have shown they would like to have more freedom and asked us if possible. They currently have access to their documents via the LG and sharepoint anyway so its not too bad
10th January 2012, 12:03 PM #8
The big problem for us is getting them in - SLT won't 'insist' and on a voluntary basis the most we've had for a summer rebuild is about 30%!!
Originally Posted by bossman
10th January 2012, 12:05 PM #9
What! Eugh, i could only wish for such a thing! Ive been told by a member of staff today that she is putting in a letter of complaint because she doesnt have a laptop. She does have one, sat with me, but its a complete brick! Unfortunately my wand ran out of fairy dust so cant make it work better. PLUS this is the woman who complained her laptop wouldnt work and it was because the battery was completely flat and she hadnt plugged it in...
Originally Posted by bossman
Sorry, rant over! lol Back to the thread....
10th January 2012, 12:06 PM #10
Ours are also on the domain and they are free to take them home.
We give them a separate local admin user to do whatever they want with it.
10th January 2012, 12:18 PM #11
We're about to start looking at client hypervisors, so that they have a fully supported school network build for in-school with full connectivity (offline files etc, but if taken out of the school will not connect to a network), and a seperate "home" installation which they can do whatever they want with (except connect to the schools network).. if they break that, the work one will still be fine. Lots of settings etc to check through, but would certainly solve some of the problems we see. The carrot of the home version should work.
10th January 2012, 02:15 PM #12
Our staff log in to their laptop, we then set their user account to be a local admin so they can add home printers. They have a proxy .pac file to they can access the internet at home. Offline files is set up so they can work on files at home.
Our staff wouldn't be able to cope with two accounts. Nor would they understand the difference!
15th January 2012, 10:31 PM #13
- Rep Power
Our staff have a seperate local user account that they use at home. We don't have offline files set up but I think if you have offline files and add their account to be a local admin on the laptop for when they are at home that would be the best option.
McAfee AV seems to keep the viruses etc out for us
15th January 2012, 10:52 PM #14
In Birmingham schools, there should be a Primary Sophos instance for updates within the school network and a Secondary instance hosted at the LA for laptops used at home.
Once all policies are setup properly, everything just works. I join laptops to the school domain so it means staff receive Sophos, Microsoft Updates and newly deployed MSIs.
Staff use two separate accounts - jbloggs for domain logon and .\jbloggs for local logon to their own laptop only.
Optionally staff use VPN to access their files remotely.
15th January 2012, 11:53 PM #15
We used to do that, have since switched to an offline files method of doing things so they logon with the same username + pw on and offline, with their home folders synced.
Originally Posted by zag
Most staff are then setup as standard users so they can't break it, with the odd few who really can't do without admin rights being given local admin to the same account to install stuff.
By TechSupp in forum Windows
Last Post: 30th March 2011, 07:02 PM
By richard_s in forum How do you do....it?
Last Post: 6th March 2009, 02:36 PM
By tosca925 in forum How do you do....it?
Last Post: 28th April 2007, 08:31 AM
Last Post: 6th February 2006, 04:05 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)