Laptop Administration

C

Chris Sprague

I was wondering if there was a way to force laptop users to check into the
domain to allow updates to their computers. The best way would be if i can
disallow login with a message that reports the computer most be returned to
the domain. If anyone has written a script or knows of an embedded windows
function that allows this, it would be helpful. Thank you.
 
S

Steve Riley [MSFT]

Hm, this happens sort of automatically in most cases. A user returns from a
business trip, goes to the office, plugs into the network there, and
receives group policy, SMS, and NAP updates.

Do some of your laptop users never return to the office?
 
C

Chris Sprague

Steve,

The problem is, left unchecked, a number of the laptop users do not return
to the network for one month or more. I work at a school system and the
teachers work on PP and other teaching tools at home, show the PP
presentation to their class, but never connect the laptop to the network.
There have been a couple of cases where the virus definitions were not
updated and the windows updates were not done, and a virus was allowed to
corrupt the laptop and then hop onto the network when the user connected. If
there was a policy that I could create that would force the computer to be
hooked back into the domain at least once a week, it would help reduce the
risk to the laptops.

Thanks,

Chris
 
S

Shenan Stanley

Chris said:
The problem is, left unchecked, a number of the laptop users do not
return to the network for one month or more. I work at a school
system and the teachers work on PP and other teaching tools at
home, show the PP presentation to their class, but never connect
the laptop to the network. There have been a couple of cases where
the virus definitions were not updated and the windows updates were
not done, and a virus was allowed to corrupt the laptop and then
hop onto the network when the user connected. If there was a
policy that I could create that would force the computer to be
hooked back into the domain at least once a week, it would help
reduce the risk to the laptops.

Why is your antivirus software on laptops setup so it can only get updates
from your server(s)?
 
C

Chris Sprague

I just started a few weeks ago working for this school division. The current
policy install for Symantec and Windows update is to update from internal
servers. They want to control the Windows updates on all computers so they
are the same. For the Symantec, I wasn't aware of a setting that allowed
both mananged and unmanaged depending on location. At the last company I
worked for, I set all laptops to point to Symantec and do live-updates. This
worked effectively there, however, I lost the ability to admin. the Symantec
on those laptops from the server. This only works well in situations where
there are few laptops, or tech savy people using the laptops. What I need in
this situation is the ability to verify all updates from the server for
Symantec and Windows update.
 
C

Chris Sprague

Steve,

We have the authority to lock them off of the network if the break the
rules, however, our job is to provide the best support we can. We just want
to prevent a virus running amok in the network when a laptop goes off and
bring back something after 3 months of no windows updates or virus updates.
They had this happen last year, so we can implement something within the
current political enviroment. We want to give them as much leeway as
possible, but not enough to provide a great possiblity of damage.

Chris
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top