Designing Managed Configurations for Mobile Users

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Many organizations have mobile users — traveling employees who often use portable computers. Typically, mobile users log on to the same computer. Sometimes they connect by using a high-speed line and sometimes by using a low-speed (or dial-up) line. Some mobile users never have a fast connection. Mobile users fall into two main categories:

  • Users who spend the majority of time away from the office or have no fixed office. Typically, these users connect by using slow links, although they might have occasional LAN access to their logon server, data servers, and application-delivery servers.

  • Users who spend most of their time in an office but occasionally work at home or in another location. The majority of their network access is at LAN-speed, but they occasionally connect by using remote access or remote network links.

Despite the apparent differences between these two types of users, you can often accommodate them with a single configuration. However, you might want to create a slightly different GPO for users who spend the majority of their time out of the office.

Mobile users are often expected to provide much of their own computer support because on-site support is not available. For this reason, you might want to elevate those users’ permissions so that they can install printers, for example.

However, you can also restrict mobile users from making system changes that might damage or disable their computers. For example, you might restrict mobile users from altering certain Internet Explorer settings or adding unapproved hardware devices. If those users need access to some MMC administration snap-ins, you can make a restricted set of those tools available to them.

Mobile users expect transparent access to the most critical parts of their data and settings even if their portable computer is not connected to the network. For example, while they are in a remote office they might roam to a desktop computer to read mail while their portable computer is in use. Finally, mobile users frequently disconnect their portable computer from the network without logging off and shutting down. This is more likely to happen when they use the hibernate and standby features of Windows XP Professional.

IntelliMirror provides several tools that simplify managing mobile users. By using the user data and settings management tools, users can work on files offline and automatically update the network versions of those files when they reconnect to the network. By using the Offline Files feature, users can work on network files when they are not connected to the network. Synchronization Manager coordinates synchronization of any changes between the offline version of a file and the network version.

Note

  • If users are likely to disconnect from the network without logging off, it is recommended that you set Offline Files to periodically synchronize in the background. If Offline Files is set to synchronize only when users log off, users’ files might not be current. You might also want to educate users to manually synchronize their data before disconnecting from the network to ensure that all files are current.

Synchronization Manager also helps manage multi-user network files. If multiple users modify the same network file, Synchronization Manager notifies the users about the conflict and offers several resolution methods. The users can save the network version, their local version, or both versions. If both are to be kept, the user is asked for a new file name to store one of the versions so that uniqueness is maintained.

Software Installation for mobile users requires some additional planning. You can make sure that all important software components, defined by you or the user, are completely installed initially. This allows users to access the necessary software even when they are not connected to the network. That means that prior to these users leaving the office, you must ensure that all relevant features within the application are installed locally and are not just advertised. For example, make sure the spelling checker for Microsoft® Office is locally installed so that the user does not trigger on-demand installation of this feature while offline.

It is not recommended that you publish software for mobile users who connect over slow links. Additionally, when mobile users connect over a slow link, user-assigned software effectively behaves the same as if you published it for these users. If you set the Group Policy slow-link detection setting to the default in the user interface, the software is not installed on demand. However, in the Group Policy setting for slow-link detection, you can define the connection speed that you consider to be a slow link.

Note

  • It is recommended you treat any link that is slower than local area network (LAN) speed as a slow link.

If you determine that it is appropriate for mobile users to download software from a remote location, and they experience difficulty staying connected when downloading the software, verify that the connection speed and the Group Policy slow link detection setting are set appropriately. The slow link detection setting is located in Computer Configuration/Administrative Templates/System/Group Policy or User Configuration/Administrative Templates/System/Group Policy.
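The following added example (not part of the original page) reads the slow-link threshold for both the computer and user scopes and shows how sample link speeds would be classified. It assumes the setting is stored as the `GroupPolicyMinTransferRate` value under `Software\Policies\Microsoft\Windows\System`, with a default of 500 Kbps when not configured and 0 meaning detection is off; the function names and sample speeds are constructed for illustration.

```powershell
# Added example, not from the original page. The registry location is an
# assumption of this example: the page names only the Group Policy setting.
$PolicyKey   = 'Software\Policies\Microsoft\Windows\System'
$ValueName   = 'GroupPolicyMinTransferRate'   # threshold in Kbps
$DefaultKbps = 500                            # applies when the setting is not configured

function Get-SlowLinkThreshold {
    # One result per scope: Computer Configuration (HKLM), User Configuration (HKCU).
    foreach ($scope in @(@{ Name = 'Computer'; Hive = 'HKLM:' },
                         @{ Name = 'User';     Hive = 'HKCU:' })) {
        $path = "$($scope.Hive)\$PolicyKey"
        $prop = Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue
        $configured = $null -ne $prop
        $kbps = if ($configured) { [int]$prop.$ValueName } else { $DefaultKbps }
        [pscustomobject]@{
            Scope             = $scope.Name
            Configured        = $configured
            ThresholdKbps     = $kbps
            DetectionDisabled = ($kbps -eq 0)
        }
    }
}

function Test-SlowLink {
    param([int]$LinkKbps, [int]$ThresholdKbps)
    # A threshold of 0 turns detection off: every link is treated as fast,
    # so assigned software may install on demand even over dial-up.
    if ($ThresholdKbps -eq 0) { return $false }
    return ($LinkKbps -lt $ThresholdKbps)
}

# Constructed sample link speeds in Kbps (hypothetical values).
$samples = [ordered]@{ 'Dial-up' = 56; 'Broadband' = 1500; 'LAN' = 100000 }

foreach ($t in Get-SlowLinkThreshold) {
    foreach ($name in $samples.Keys) {
        [pscustomobject]@{
            Scope         = $t.Scope
            Configured    = $t.Configured
            ThresholdKbps = $t.ThresholdKbps
            Link          = $name
            LinkKbps      = $samples[$name]
            TreatedAsSlow = Test-SlowLink -LinkKbps $samples[$name] -ThresholdKbps $t.ThresholdKbps
        }
    }
}
```

A row with `ThresholdKbps` of 0, or a threshold below the speed of the remote links your mobile users actually use, means those links are not treated as slow.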

Typically, a mobile user has a single portable computer and does not roam between portable computers (unless the computer is replaced). However, roaming user profiles give some protection against the failure or loss of a portable computer and allow a user to roam to a desktop computer to connect to a fast network. If the mobile user is not often connected to a fast network, it is better not to use roaming user profiles.

Data accessed by the mobile user typically falls into one or more of the following categories:

  • Data that resides on a network server and that users want to access while not connected to the network. Users typically own this data (for example, their home directory), but shared data can also be stored on the local computer.

  • Data that resides only on the network server (either not needed offline or volatile shared data that is inappropriate for storing offline).

  • Data that resides only on the portable computer hard disk. Examples are policy manuals, other read-only items, or large document sets that the user needs offline but that are not stored on a file server because of the performance overhead of synchronizing them. (In this case, a suitable backup mechanism is definitely needed.) Other examples are large database files or other data items that have their own synchronization mechanism, such as the offline storage feature in Microsoft® Outlook® messaging and collaboration client.

Table 7.3 summarizes desktop management features that you can use to create a mobile user configuration.

Table 7.3   Features of a Mobile User Configuration

| Feature | Explanation |
| --- | --- |
| Folder Redirection | Use to redirect the My Documents folder. This allows users to access centrally stored data and documents from anywhere. Redirected folders are automatically made available offline, to provide access when users are not connected to the network. |
| Ability for user to customize | Permit customization within certain guidelines. You can allow users to personalize their work environment but still prevent them from making changes to critical system settings. |
| Software Installation | Core applications are installed on all laptops (these applications are assigned). Optional applications are available for users to install locally (these applications are published). |
| Group Policy Settings | Use Group Policy settings to create the managed environment. |