How to setup a freelancer laptop on our domain to access network resources without joining the domai

[pheidippides]

Admins of the World:

I run a small windows 2000 server on a network consisting of Macs, WXP Pro and W2K machines. Every machine is accounted for in the active directory. Meaning, they're a part of our domain. However, what happens when a non-domain machine needs to access resources using an existing domain user account? What's the best way to set this up?

And so I scratch my head a bit, chuckling b/c I don't have an answer.
here's the skinny:
The Setup
My company just hired a slew of freelancers to come in on a project. Each one has their own laptop.
And each laptop is running W2K/WXPPro without any domain affiliation whatsoever.
None of the freelancers will join our domain.
I am required to create user account and email objects on the domain for each freelancer.
Each one will need top print and access a multitude of network resources on the domain.

The Question:
How do I configure their local laptops for efficiently accessing our network resources?
That's printing, file sharing, Exchange Email, etc....

Your strategic input for standardizing this deployment will be much appreciated.


Thanks!
pheidippides

 

[jeffrey]

Hi,

Not sure of the answer either, but here`s a thought though. How about just
putting the Freelancers into the same workgroup. I can`t remember, but I
beleive you can then grant access for that workgroup to a print server, so
they can print. As for file sharing, if you can grant their workgroup
access to a file server with permissions setup, they should be able to
access that as well. Now for email, depending on what your using for an
emaill server, you should be able to setup accounts and then the pop3 on the
freelancers computer to access the mailserver, I don`t think the mail server
will block non-AD members from accessing their accounts.

I`m in the midst of creating a Domain with AD for my company and we have
some outside consultants that will need access in the same particular way
your freelancers will, so its only an idea though, it might or might not
work.

Jeff

Admins of the World:

I run a small windows 2000 server on a network consisting of Macs, WXP Pro
and W2K machines. Every machine is accounted for in the active directory.
Meaning, they're a part of our domain. However, what happens when a
non-domain machine needs to access resources using an existing domain user
account? What's the best way to set this up?

And so I scratch my head a bit, chuckling b/c I don't have an answer.
here's the skinny:
The Setup
My company just hired a slew of freelancers to come in on a project. Each
one has their own laptop.
And each laptop is running W2K/WXPPro without any domain affiliation
whatsoever.
None of the freelancers will join our domain.
I am required to create user account and email objects on the domain for
each freelancer.
Each one will need top print and access a multitude of network resources
on the domain.

The Question:
How do I configure their local laptops for efficiently accessing our
network resources?
That's printing, file sharing, Exchange Email, etc....

Your strategic input for standardizing this deployment will be much
appreciated.


Thanks!
pheidippides

 

[pheidippides]

her physical location is key...is she Online or Offline?
Online = In the office sitting directly on our LAN
Offline = Not in the office, at home, somewhere else...basically not sitting atop our LAN

If Online, then, the three big issues are access to network shares, access to network printing and email...
When in the office I've set this user up with a little batch file which authenticates her on the domain, maps two network drives to her computer and loads three network printers. The batch file reads like this:
rem @echo off
rem *** Map network drives ***
net use S: \\SERV1\Company /delete
net use S: \\SERV1\Company * /USER:CORP\janedoe
net use Y: \\SERV1\TimeTrack /delete
net use Y: \\SERV1\TimeTrack
rem *** Load Printers ***
\\SERV1\netlogon\con2prt /c \\SERV1\Printer1
\\SERV1\netlogon\con2prt /c \\SERV1\Printer2
\\SERV1\netlogon\con2prt /c \\SERV1\Printer3
END
Then I configured her Exchange Email client, Outlook, for POP3 messaging. ON the Exchange server I had to allow port 110 to get through our firewall and i also setup the user account so that it responds to send/receive requests for POP3 email both inside and outside our network.

When she's Offline, all she has access to is POP3 email.


In conclusion:
The problem of what to do with freelance employees that have their own laptops when I'm required to grant them access to various network resources on the company domain, was quite a conundrum until I decided to do a half-way integration with our AD. I created a vaild user account in the AD for my freelance user. A user account like any normal employees inherent with access permissions for tranversing the file server, sending jobs to network printers and transacting messages with our company exchange server. Since the freelancer had their own laptop i wasn't about to join it to our domain, for many reasons (most importantly, I don't want to start supporting non-styandard equipment). So the domain user account wouldn't get associated with this laptop ever, it's not in the local profile nor part of the local administrator group. therefore, access becomes "piped" through the batch file. When launched, the script makes a call to the AD b/c it's trying to access network resources. The SAM database responds prompting for a password which, when authenticated, becomes part of the access token for that freelance local user account (the local user account gets temporarily recognized as valid on the domain b/c it authenticated against a valid domain user account.)

In the script, janedoe is a valid user account on the CORP domain. The "*" is a wildcard that prompts the user to type a password corresponding to this user account.


Does this sound easy?
Yes...
Did it take me a while to figure this out?
Yes...
Hopefully it will help someone else in the future...

pheidippides
Hi,

Not sure of the answer either, but here`s a thought though. How about just putting the Freelancers into the same workgroup. I can`t remember, but I beleive you can then grant access for that workgroup to a print server, so they can print. As for file sharing, if you can grant their workgroup access to a file server with permissions setup, they should be able to access that as well. Now for email, depending on what your using for an emaill server, you should be able to setup accounts and then the pop3 on the freelancers computer to access the mailserver, I don`t think the mail server will block non-AD members from accessing their accounts.

I`m in the midst of creating a Domain with AD for my company and we have some outside consultants that will need access in the same particular way your freelancers will, so its only an idea though, it might or might not work.

Jeff

Admins of the World:

I run a small windows 2000 server on a network consisting of Macs, WXP Pro and W2K machines. Every machine is accounted for in the active directory. Meaning, they're a part of our domain. However, what happens when a non-domain machine needs to access resources using an existing domain user account? What's the best way to set this up?

And so I scratch my head a bit, chuckling b/c I don't have an answer.
here's the skinny:
The Setup
My company just hired a slew of freelancers to come in on a project. Each one has their own laptop.
And each laptop is running W2K/WXPPro without any domain affiliation whatsoever.
None of the freelancers will join our domain.
I am required to create user account and email objects on the domain for each freelancer.
Each one will need top print and access a multitude of network resources on the domain.

The Question:
How do I configure their local laptops for efficiently accessing our network resources?
That's printing, file sharing, Exchange Email, etc....

Your strategic input for standardizing this deployment will be much appreciated.


Thanks!
pheidippides