XP Laptop Security

[Sbrown95]

Environment: 100% Windows XP Professional, Windows Server 2003 Active
Directory. All users have Standard limited User Accounts.

NO we do not use windows Vista, YES i WISH we did, but it will take at
least another year of testing for it to get approved for onsite use.

What are you guys doing for the user that needs to take his laptop on
the road and install devices (projectors, printers, etc) and config
network settings,etc - yet still limit account access when domain
connected??

I have been tasked with coming up with a solution for devices that can
be used both offsite and onsite. This is a first for us. Currently
users with laptops are not allowed to connect them to our corporate
network (they use citrix from public locations and corporate desktops
when here at work).


We are getting requests from upper management to allow them to connect
their laptops to a docking station here at work and relinquish the
desktop.

This now presents the problem: How do we allow the user to securely
connect to our domain with a limited/restricted user account, yet
still allow them to perform necessary tasks while on the road??

Since this is a new scenario for us we are looking for ANY input you
guys can offer on what you are doing in similar situations.

I appreciate ANY INPUT you guys can offer. Thanks!

 

[M.I.5¾]

Environment: 100% Windows XP Professional, Windows Server 2003 Active
Directory. All users have Standard limited User Accounts.

NO we do not use windows Vista, YES i WISH we did, but it will take at
least another year of testing for it to get approved for onsite use.

What are you guys doing for the user that needs to take his laptop on
the road and install devices (projectors, printers, etc) and config
network settings,etc - yet still limit account access when domain
connected??

I have been tasked with coming up with a solution for devices that can
be used both offsite and onsite. This is a first for us. Currently
users with laptops are not allowed to connect them to our corporate
network (they use citrix from public locations and corporate desktops
when here at work).


We are getting requests from upper management to allow them to connect
their laptops to a docking station here at work and relinquish the
desktop.

This now presents the problem: How do we allow the user to securely
connect to our domain with a limited/restricted user account, yet
still allow them to perform necessary tasks while on the road??

Since this is a new scenario for us we are looking for ANY input you
guys can offer on what you are doing in similar situations.

I appreciate ANY INPUT you guys can offer. Thanks!

What you want to do sounds like the domain of a third party access control
tool. Some of these can be configured on a device by device basis as to
what the user can connect and, in the case of read write media, limit acces
to reading only. Some more advanced tools can also log every file
transfered if desired. The system we use is a system called Sanctuary by
SecureWave. It looks like they have been taken over but you could start
here:

<http://www.lumension.com/landing.spring?contentId=139652&rpLeadSourceId=622&origin=securewave>

I doubt that this is the only solution.