Viewing 1 reply thread
  • Author
    Posts
    • #1555663
      Stephen Boyd
      Participant
      Member Points: 187
      Rank: 2

      Hi,

      As with staff from most companies mine took their laptops home. We did not have too much time to prepare so missed a few things, like;

      • How AD and Windows 10 profile passwords will be kept in sync
      • How apps like Office and possibly even windows will communicate with KMS
      • How Windows computer accounts will stay current

      The laptops are all Windows and are domain joined and staff use domain profiles. KMS is on the DC’s.

      We thankfully have Cisco AnyConnect on the computers but I don’t know how to set it up / the firewall to deal with the above 3 points. I also don’t want to give full and unfetted access to the Domain Controllers from the laptops.

      Can someone please offer me some suggestions. I’m guessing others will be in the same boat?

      Thanks 🙂

      avatar
    • #1555664
      Leos Marek
      Moderator
      Member Points: 23,212
      Author of Year 2020Author of the Year 2021
      Rank: 4

      Hi Stephen,

      if you have a VPN up and running, you should be all good in all points.

      How AD and Windows 10 profile passwords will be kept in sync?

      remotely it works like this:

      1. User is notified about password will expire soon
      2. User has to be on VPN and then he changes the password normally
      3. After the change, he HAS to lock his computer (Win+L)
      4. Unlock the computer with new password

      Thats it. The important steps are 3 and 4. If this is not done, there can be a situation when user has to unlock computer with old password and then join VPN with new password, which usually ends with some troubles and possible locking the user out of his PC completely.

      How apps like Office and possibly even windows will communicate with KMS

      On VPN, no problem. Even without VPN there is like 30 days or so when the apps stay activated (not sure about the number of days). Then user gets notification upon Office start that it needs to be reactivated.

      How Windows computer accounts will stay current

      The password change is initiated by the computer, not by AD. If AD is not available, the change will not occur. You should be all good there too.

       

      Hope that helps

      Cheers

Viewing 1 reply thread
  • You must be logged in to reply to this topic.
© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account