Does that user have a high object ID?
Assigning lots of users to a machine is a huge drain on resources and network, and also a big security risk.
Why not use something like AutoDomain to provision only the users who have previously used that machine (based on their cached credentials)?
Because there are laptops out there that have several users on them...several of which may or may not have ever logged onto that machine before. To be honest, our implementation isn't exactly the best. It was slapped together in order to meet the requirements set forth by a government agency in a short fashion. We had minimal time to actually sit and work with it...and nil for training.
How exactly does AutoDomain work, as I am not familiar with it at all?
AutoDomain, amongst many other things, makes sure every cached profile has a corresponding pre-boot user account.
Thus, if you have a laptop that's been used by 60 people, it will assign those 60 people to the pre-boot.
Often this can completely satisfy the loan device problem, while still keeping things reasonably manageable and secure.
You can find out more about this from your account manager or technical contact.
Also, this does not address why there is a 5+ minute delay for some users to log on and others go zippy quick...on the same machine.
And what about a user that has no cached credentials on a machine...how does AutoDomain take care of them?
As I said - what's the object ID of the person who takes a long time compared to the one who takes no time at all?
So without going into too much detail, is AutoDomain a difficult thing to implement...and I assume it is an add-in.
My concern though is how it would manage new user access to the device.
A few things that don't seem to make much sense to me. You have 300 laptops that 4000 users use? If so, what you need is a process for loaning out laptops and assigning user IDs to them. Maybe you can remove some accounts for clients who don't ever use the laptop? How is the laptop assigned?
We have a small loaner pool of laptops and a process by which they go about getting them. If the machine isn't leaving the company, we assign the autologon user account to it; if it is, we assign that user's ID to it.
Yeah...the laptop loaner thing is a source of frustration for us. We have about 30 sites across a pretty diverse geographical region. The IT dept does not control these laptops...they are actually held in filing cabinets and if someone needs one for whatever reason, a manager signs it out to them. These are in the far minority.
The majority of the others are in fact shared by a more indeterminable number of people, for one.
Some organizational information might help you understand further: we are a regional health authority in Canada. Many of our laptops are for home care nurses who make rounds to patients in the patients' homes/residences. They connect back to the office for their charting and reporting via EVDO and VPN. While they are encouraged to use the same laptops, it is not always possible. A very small percentage are in fact "communal" laptops which just anyone can sign out...and the rest are pretty much assigned to users.
We implemented this hastily (I am the first to admit that) and were looking for a relatively painless way to manage users. So that is why we created one group in AD for the general users, threw them all into it, created an AD connector to map them to the Users group...and then added the users group to the machine group.
Only recently, after digging deeper into user complaints, I came here (it has only ever been a few users...and because it was always the same few people, we never perceived it to be a widespread problem...I guess the rest just accepted the delay as a fact of life). And now that I know the problem...I would like to get this resolved as relatively painlessly, expediently & risk-free.
AutoDomain seems like it is certainly the way to go (as I am not about to micro-manage user & machine groups, connectors and OUs). But I am just curious as to how AutoDomain would handle the addition of a new user.