Announcement

Collapse
No announcement yet.

How to set up laptop for home use

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to set up laptop for home use

    Hi everyone,

    I have a user who has a laptop that they would like to use both at the office and at home. They came to me and told me that they use the laptop mainly at home but when they come to the office, they would like to access the domain's resources. So I joined their laptop to the domain. However, when they're at home, they can't log in because the laptop cannot contact the domain controller. How can the laptop be allowed to log in even without being at the office?

    Thanks in advance.
    Last edited by fumoboy007; 17th May 2009, 05:27.

  • #2
    Re: How to set up laptop for home use

    In a group policy that will apply to the laptop, enable cached logons and give it a reasonable number (default is 10) before having to contact a DC
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: How to set up laptop for home use

      Originally posted by Ossian View Post
      In a group policy that will apply to the laptop, enable cached logons and give it a reasonable number (default is 10) before having to contact a DC
      But I want them to be able to log in an unlimited amount of times at home.

      Comment


      • #4
        Re: How to set up laptop for home use

        Remove it from the domain?
        Or look at some sort of VPN
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: How to set up laptop for home use

          ok.. the more pertinent question is:

          the laptop. does your company own it, and control it, and install the software on it and maintain the patches and antivirus and things like that ?
          if NOT, then it doesn't matter really, to my mind, that they want to use their laptop at work. if it's NOT our work laptop, and we don't manage it, then you don't use it on my network.

          and when you plug it in anyway without having it on the network, i find it's mac address and block it.
          it was really quite funny..
          "hey it guy, the internet's not working, and i cna't access the file server"
          'are you using the proxy for the internet ?'
          "no"
          'hm.. that's a start... is anyone else having problems accessing the network ?'
          "no, just me"
          'ok i'll come look at your computer'
          *shows me laptop*
          thats not ours. i dont care. walk away.


          heh.. now that i'm back on topic.

          if it IS a work-supplied laptop, you just set it up to cache 10 logons, so that they can take it home every day and be able to use it, but if it's not back on the network within reasonable time frames, they can't logon.
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: How to set up laptop for home use

            Cached credentials are the solution and by default they are turned on. They also don't expire, so if you're having trouble with cached credentials, maybe that feature is disabled? Check the Computer Configuration >> Windows Setting >> Local Policy >> Security Options >> "Interactive Logon: Number of previous logons to cache" policy on the domain and see what the number is. If it's 0, then as Ossian said raise it to something reasonable. 10 is the default and 50 is the limit. That number is basically saying how many individual users can have cached credentials on one PC. So by default 10 different user accounts can have cached credentials on one PC at a time.
            Wesley David
            LinkedIn | Careers 2.0
            -------------------------------
            Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
            Vendor Neutral Certifications: CWNA
            Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
            Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

            Comment


            • #7
              Re: How to set up laptop for home use

              Damn, thats news to me, but absolutely correct:
              http://technet.microsoft.com/en-us/l...73(WS.10).aspx

              Now what is the GPO setting to determine how many times someone can log on without a DC being available?
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment


              • #8
                Re: How to set up laptop for home use

                Exactly Nonapeptide. They should be able to log in as many times as they need, unless the GPO is set to only allow a certain amount of logins.

                Also, they should still be able to login to the local computer with their local account (unless you have a gpo that says to rename local admin or something silly). Or you could give them a network login and let them access resources via their local login. They don't really need to be joined to the domain in order to get to network shares.

                Or put them in a specific GPO that doesn't inherit the GPO's above it and assign them specific a GP or set of GP's.
                GoogleFu is strong with this one ^

                Comment

                Working...
                X