Laptop Roaming Users on Business Network

[adamgilldo@hotmail.com]

We have a lot of guys in our company that work out on site nearly all
the time, using an unrestricted Internet connection. Because of this
never allow them on our company network, as due to all our precautions
with antiviruses etc, we still cannot be certain they do not have any
viruses or malware on their laptops. However, it has now been decided
that when they are in the office, they need access to certain files
contained on our file server. What's the most secure way of doing
this? My boss is talking about building a second network for them to
use, with file server that reguarly syncronises with our file server.
However, there must be a better way of doing it than that. Thanks.

 

[matt hopkins]

cant you set them up with an account that has restrictions on what they can
do ?. like only allowing the certain priveleges or access to certain files.


<adamgilldo@hotmail.com> wrote in message
news:1192016771.625675.19100@y42g2000hsy.googlegroups.com...
> We have a lot of guys in our company that work out on site nearly all
> the time, using an unrestricted Internet connection. Because of this
> never allow them on our company network, as due to all our precautions
> with antiviruses etc, we still cannot be certain they do not have any
> viruses or malware on their laptops. However, it has now been decided
> that when they are in the office, they need access to certain files
> contained on our file server. What's the most secure way of doing
> this? My boss is talking about building a second network for them to
> use, with file server that reguarly syncronises with our file server.
> However, there must be a better way of doing it than that. Thanks.
>

 

[jwgoerlich@gmail.com]

There are certainly less expensive ways to mitigate the risk. However,
if your boss is willing to purchase a new server for the project, why
not take him up on the offer?

J Wolfgang Goerlich

On Oct 10, 7:46 am, adamgil...@hotmail.com wrote:
> My boss is talking about building a second network for them to
> use, with file server that reguarly syncronises with our file server.
> However, there must be a better way of doing it than that. Thanks.

 

[Steve Riley [MSFT]]

I wouldn't recommend a separate server. Now you have to deal with
synchronization issues and you'll always wonder whether the data on the
second server is up-to-date. Besides, it still won't solve the root problem:
ensuring that these laptops aren't the source of any malware.

Instead, I'd recommend standard best practices. Join their computers to your
domain, have the users log on using standard domain user accounts (_not_
local administrator accounts), use group policy to ensure that the Windows
Firewall is switched on at all times, and install anti-virus and
anti-spyware (like Forefront Client Security).

Keep the computers secure when they're on the Internet, and they won't be
sources of problems when they connect to your corporate resources. What I've
just described is how many organizations, including Microsoft ourselves,
keep their environments secure.

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


<adamgilldo@hotmail.com> wrote in message
news:1192016771.625675.19100@y42g2000hsy.googlegroups.com...
> We have a lot of guys in our company that work out on site nearly all
> the time, using an unrestricted Internet connection. Because of this
> never allow them on our company network, as due to all our precautions
> with antiviruses etc, we still cannot be certain they do not have any
> viruses or malware on their laptops. However, it has now been decided
> that when they are in the office, they need access to certain files
> contained on our file server. What's the most secure way of doing
> this? My boss is talking about building a second network for them to
> use, with file server that reguarly syncronises with our file server.
> However, there must be a better way of doing it than that. Thanks.
>

 

[adamgilldo@hotmail.com]

On 12 Oct, 03:00, "Steve Riley [MSFT]" <steve.ri...@microsoft.com>
wrote:
> I wouldn't recommend a separate server. Now you have to deal with
> synchronization issues and you'll always wonder whether the data on the
> second server is up-to-date. Besides, it still won't solve the root problem:
> ensuring that these laptops aren't the source of any malware.
>
> Instead, I'd recommend standard best practices. Join their computers to your
> domain, have the users log on using standard domain user accounts (_not_
> local administrator accounts), use group policy to ensure that the Windows
> Firewall is switched on at all times, and install anti-virus and
> anti-spyware (like Forefront Client Security).
>
> Keep the computers secure when they're on the Internet, and they won't be
> sources of problems when they connect to your corporate resources. What I've
> just described is how many organizations, including Microsoft ourselves,
> keep their environments secure.
>
> --
> Steve Riley
> steve.ri...@microsoft.comhttp://blogs.technet.com/sterileyhttp://www.protectyourwindowsnetwork.com
>
> <adamgil...@hotmail.com> wrote in message
>
> news:1192016771.625675.19100@y42g2000hsy.googlegroups.com...
>
>
>
> > We have a lot of guys in our company that work out on site nearly all
> > the time, using an unrestricted Internet connection. Because of this
> > never allow them on our company network, as due to all our precautions
> > with antiviruses etc, we still cannot be certain they do not have any
> > viruses or malware on their laptops. However, it has now been decided
> > that when they are in the office, they need access to certain files
> > contained on our file server. What's the most secure way of doing
> > this? My boss is talking about building a second network for them to
> > use, with file server that reguarly syncronises with our file server.
> > However, there must be a better way of doing it than that. Thanks.- Hide quoted text -
>
> - Show quoted text -

Thanks for your ideas guys. Much appreciated.