Tips for managing multiple non-domain, off-site computers?


Solution 1

I personally like AD, but you've already said you've decided against it. So...

  • VPN Connections to connect them to the office. (Routing and Remote Access/OpenVPN/Cisco AnyConnect/What came with your router/etc.)
  • LogMeIn or something similar on the clients.
  • You can run WSUS outside of a domain. There are registry keys to help you with that, and they can download their Microsoft updates via the VPN. This will also give you reports on patch compliance. You can push out these keys one of the ways below. (Be careful with the SusClientID and PingID--they cannot be identical on all machines. Also, WinXP takes those keys like a little doll, but you might have to handhold 7 a bit.) Conversely, you could foist an update policy on the clients that involves going directly to Microsoft and have done with it.

Which leaves us with software installs/updates. Money and time spent will be in inverse proportion to each other, in my experience, but your mileage may vary.

  1. Management software like Altiris Deployment Solution, LANdesk, etc. Pros: Built for this, and they make it a lot more manageable. Your clients do show up in the console when they're connected to the VPN, although the connection can be stinky. Cons: Costs money, although I believe most of them charge by the client.
  2. Scripts and PsExec, although I've never tested running them over a VPN and you'd probably have trouble finding individual workstations. Pros: Free. Cons: You'd probably have to LogMeIn to a remote machine and run PsExec on the local machines that way.

Which is why Grant is in favor of Active Directory for software installs. Honestly, I was just absurdly happy when a former employer finally got AD and I could finally stop pushing out registry keys via management software.

There are also (very few) places that do remote desktops as a service (Desktone, Molten, Citrix, Amazon has a beta). You might be a candidate for that. It's definitely worth looking into in your case, IMHO.

What I would recommend is:

  • Figure out how much it would cost to hook the remote sites into your existing domain, including hardware, software, and someone to manage it.
  • Price various software packages (Altiris, LANdesk), including hardware, software, and someone to manage it.
  • Price hiring another tech or two.
  • Price the various Desktops as a Service providers and see if they look like a good fit.

Hopefully, at that point, something will start to look right to you. Good luck!
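The registry-key route from the first list above (WSUS on a workgroup client, with the SusClientId/PingID caveat), worked as an added example. This is not code from the answer or from Microsoft; the server URL, port and target-group name are hypothetical and need to match your own WSUS setup.

```powershell
# Added example, not part of the original answer.
# Points a non-domain Windows client at an internal WSUS server reachable over the VPN
# (the same values a WSUS GPO would write), then resets the per-machine client identity
# so machines built from one image do not all report to WSUS as the same computer.
# Assumptions (hypothetical, adjust for your environment):
#   - WSUS answers at http://wsus.corp.example:8530 (8530 is the WSUS default for HTTP)
#   - WSUS has client-side targeting enabled and a computer group named "FieldSites"
#   - Runs elevated on PowerShell 2.0 or later (built into Windows 7; an optional download on XP SP3)

param(
    [string]$WsusUrl     = 'http://wsus.corp.example:8530',
    [string]$TargetGroup = 'FieldSites'
)

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey     = "$policyKey\AU"
$clientKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Set-WsusPolicy {
    # Policy keys are absent on a machine that has never seen a GPO; create them first.
    foreach ($k in @($policyKey, $auKey)) {
        if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null }
    }
    # Where to get updates and where to send status/reporting (usually the same server).
    Set-ItemProperty -Path $policyKey -Name WUServer       -Value $WsusUrl -Type String
    Set-ItemProperty -Path $policyKey -Name WUStatusServer -Value $WsusUrl -Type String
    # Client-side targeting: the client tells WSUS which computer group it belongs to.
    Set-ItemProperty -Path $policyKey -Name TargetGroupEnabled -Value 1 -Type DWord
    Set-ItemProperty -Path $policyKey -Name TargetGroup        -Value $TargetGroup -Type String
    # Automatic Updates: use the intranet server, auto-download and install on a schedule
    # (AUOptions 4), every day (ScheduledInstallDay 0) at 03:00, and check for updates every 4 hours.
    Set-ItemProperty -Path $auKey -Name UseWUServer               -Value 1 -Type DWord
    Set-ItemProperty -Path $auKey -Name NoAutoUpdate              -Value 0 -Type DWord
    Set-ItemProperty -Path $auKey -Name AUOptions                 -Value 4 -Type DWord
    Set-ItemProperty -Path $auKey -Name ScheduledInstallDay       -Value 0 -Type DWord
    Set-ItemProperty -Path $auKey -Name ScheduledInstallTime      -Value 3 -Type DWord
    Set-ItemProperty -Path $auKey -Name DetectionFrequencyEnabled -Value 1 -Type DWord
    Set-ItemProperty -Path $auKey -Name DetectionFrequency        -Value 4 -Type DWord
}

function Reset-WsusClientId {
    # Cloned images carry the same SusClientId/PingID, so WSUS shows only one of them in the
    # console. Delete the IDs while the agent is stopped; it generates fresh ones on restart.
    Stop-Service -Name wuauserv -Force
    foreach ($name in 'SusClientId', 'SusClientIdValidation', 'PingID', 'AccountDomainSid') {
        Remove-ItemProperty -Path $clientKey -Name $name -ErrorAction SilentlyContinue
    }
    Start-Service -Name wuauserv
    # Discard the cached server authorization and force a detection cycle right now
    # (Windows 7 in particular tends to sit for hours before noticing the new server).
    & wuauclt.exe /resetauthorization /detectnow
}

function Test-WsusPolicy {
    # Read back what the Windows Update agent will actually use and report whether it matches.
    $p  = Get-ItemProperty -Path $policyKey
    $au = Get-ItemProperty -Path $auKey
    Write-Host ('WUServer={0} UseWUServer={1} TargetGroup={2}' -f $p.WUServer, $au.UseWUServer, $p.TargetGroup)
    return (($p.WUServer -eq $WsusUrl) -and ($au.UseWUServer -eq 1) -and ($p.TargetGroup -eq $TargetGroup))
}

Set-WsusPolicy
Reset-WsusClientId
if (-not (Test-WsusPolicy)) { Write-Error 'WSUS client policy was not applied'; exit 1 }
```

Two things a practitioner will want to check before rolling this out. First, the client only reaches WSUS while the VPN is up, so detection cycles that fire offline are simply skipped until the next one; if the VPN is too thin to carry update content for 150 machines, WSUS can be configured not to store update files locally, in which case clients report to WSUS but fetch the binaries from Microsoft directly. Second, plain HTTP to the update server is only acceptable because the path is inside the VPN; if the server is ever exposed outside it, switch the URLs to HTTPS on 8531 with a certificate the clients trust, since an attacker on the path to an HTTP WSUS server can tamper with what the client downloads. To push the script using item 2's route, copy it to the remote PC and run it with PsExec and a local administrator account, e.g. `psexec \\<host> -u <host>\Administrator -p <password> powershell.exe -ExecutionPolicy Bypass -File C:\Windows\Temp\Set-WsusClient.ps1`; note that a password on the PsExec command line is visible to anyone who can list processes on the machine you run it from.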

Solution 2

Active Directory.

We had decided early on the cost to create and manage the infrastructure to hook into our home office domain was not enough to justify what little we needed it for...

At the time, that might have been true. However, now, you're getting to the point that without a domain, it's unmanageable in non-polynomial time.

So it's time to revisit that decision, buy a couple of servers (yes, proper servers), and install Windows Server 2012 R2. It's not even that expensive any more.

That way, you'll be able to deploy software and updates with WSUS, have greater control over who does what with GPOs. You can even deploy new systems to bare metal with WDS.

Seriously. 150 nodes. You need a domain. If you don't think so, you're wrong.

Author: TSFroggy

Updated on September 18, 2022

Comments

  • TSFroggy
    TSFroggy over 1 year

    My home office uses a Windows domain that hosts about 25 nodes. There are 17 locations out in the field (70% Windows XP, 30% Windows 7) with anywhere from 4-10 computers that are not joined to this domain and don't exist on a domain. We had decided early on the cost to create and manage the infrastructure to hook into our home office domain was not enough to justify what little we needed it for (they all connect to our web application to do their work anyways.)

    However, this creates a big time sink for our (very small) IT department whenever we need to do any kind of maintenance on the field machines. I'd love to see us save some time with a tool or set of practices that will allow us to better manage these systems remotely, even if it is something as simple as managing updates, running commands, or pushing Firefox out to everyone.

    What are some good tools/practices to manage this problem for about 150 remote, non-domain nodes? Any software solutions should be recommended knowing that we are a small company with a constrained IT budget.

    • kralyk
      kralyk over 10 years
      Windows InTune.
    • TomTom
      TomTom over 10 years
      Did you reevaluate the "cost for joining them to a domain"? Because either you value time at 0, or another evaluation is in order after "we have a lot more work than we originally thought".
    • Katherine Villyard
      Katherine Villyard over 10 years
      You might want to tweak your question so as to remove the request for tool recommendations, so as to avoid running afoul of the "requests for software recommendations are off topic" rule. "What are some cost- and labor-efficient ways to manage widely distributed PCs in a non-AD environment?" or something.
    • Tom O'Connor
      Tom O'Connor over 10 years
      You have 25 nodes in your home office?!
  • Katherine Villyard
    Katherine Villyard over 10 years
    Yeah, but 17 field locations. He's not going to use WDS over the WAN to 17 field locations. He's also not going to buy 17 servers, or however many sites he deems need their own DC. I generally like AD for more than two clients ;) but in the OP's case I think he needs to evaluate the cost for a variety of solutions, including AD.
  • TSFroggy
    TSFroggy over 10 years
    Tom, I respectfully disagree. Yes, I know the capabilities and benefits of AD. However, I'm an employee, not a decision maker, so I can't (and wouldn't) wire 17 remote locations to AD when the money would be better spent elsewhere. Besides, with our already overextended IT dept, we'd have to add on additional time to manage the AD infrastructure. Perhaps you live in a land where companies have unlimited IT budgets. The reality is that we're a small company and every single dollar is counted. It's cheaper to have someone log into each node to do updates than to make their job easier with AD.
  • TSFroggy
    TSFroggy over 10 years
    Thanks for your post. We're definitely not opposed to AD completely, it's just cost prohibitive according to my managers. Plus, introducing dependencies to our office domain via VPN without some kind of offsite domain introduces risk. There are additional costs associated with maintaining AD, which would add to our already overextended hours. Finally, the high turnover in our company would make managing AD credentials somewhat of a nightmare. Mostly, I'm looking for software/techniques to help us manage updates and software deployments.
  • Katherine Villyard
    Katherine Villyard over 10 years
    I also like Altiris and LANdesk, but they do cost money. I believe they charge by the client, however, so your 150 node installation would be a lot cheaper than my 5000 node installation was.
  • HopelessN00b
    HopelessN00b over 10 years
    @TSFroggy If that's their attitude, it might be time to consider finding an employer with a better one. It doesn't seem to me like you're doing yourself any favors sticking around to work for penny-pinchers and develop skills and experience that are largely useless. I could be wrong, of course, but let me leave you with some advice I once got - it's not our job to protect management from the consequences of their bad decisions.
  • TSFroggy
    TSFroggy over 10 years
    @HopelessN00b Point taken. Honestly I'm actually in a dev role with a very tiny dash of support and we have a lot of freedom in the development department, including adding experimental features and getting the tools we need. We do have a bias towards development when it comes to our money because ultimately it provides the best returns, but we're trying to find ways to make support a little easier. BTW, I love the quote and will remember it for another time.
  • HopelessN00b
    HopelessN00b over 10 years
    @TSFroggy Oh, well, if you're a Dev, that's a bit different then... thinking you were the IT guy or sysadmin gave me the most horrible flashback to when I was younger... :)
  • Tom O'Connor
    Tom O'Connor over 10 years
    I disrespectfully disagree. You are wrong.