Manage Remote locations

triplebless

Is there a way to manage remote locations? Is there a way to manage the computers as if I have a server at that location? I know I can have a VPN tunnel back to my server that runs GP and AD but is that recommended? What do you guys do?
 
More info needed. Are you talking about lots of separate businesses or one massive company?
We VPN into client sites and use RDP, or invite end user to connect us in to workstations via our website (reverse VNC).
 
Set up a site-to-site VPN between the networks. I'd say it's generally better to have a domain controller on site, but if the internet is decent at both locations there probably won't be any issues if they are small remote locations.

EDIT: Well you might have to do some tweaking in order to make sure GPOs will get applied. I think forcing the computers to contact a DC before logon but then establishing a timeout does the trick.
 
If you can provide more specifics that would be helpful. Is this for a single company that has multiple branches all under one AD Domain? Or you mean a customer of yours connected to your AD?
 
We have lots of clients on Wide Area Networks (WANs) and Campus Area Networks (CANs).
For smaller ones..with just a couple of PCs at the satellites, we set their primary DNS to be the IP of the DC which is at "mothership". It hits that through the VPN tunnel.

Obviously the faster the connections at all sites, the better. Including upload at mothership of course....since that is download for the satellites.
For PCs at satellite offices, if you have GPOs for redirected user profiles....obviously you want to cut back on that for the branch office PCs...unless you have a fat pipe. Else log ins will be very slow.

Once you get larger numbers of workstations at the satellite offices, obviously it's better to have another DC there..replicating with mothership's DC. Helps speed up log ins and allow folder redirection. Speeds up their web surfing too since the DNS request doesn't have to travel through a VPN tunnel.
 
Thanks for the response. Yes it is for one company with multiple sites with under 10 computers. Have you had any difficulties running GPO through VPN as long as you have decent internet?
 
So, these computers are currently not joined to a domain, right? Which GPOs are you wanting to apply to them? Generally I'd say it's not too much of an issue unless you are doing something that would require a lot of data to go across the VPN (roaming profiles, redirected profiles, large software installs, unless you store the MSIs locally).

And don't forget to look into enabling BranchCache features
 
I've seen AD / GPO work just fine in a company with AD at headquarters and 10 branches w/o servers in them. They use an MPLS mesh so no VPN required, but speeds were anywhere from 768k (2 workstations) up to 1.5 meg (20 workstations) and AD / GPO / DNS functions worked just fine. They have since been upgraded to 10 meg minimum but no issues before either.
 