Remote manage 50 PC's

I need to manage 50 PCs that won't be connecting to the org's domain. Now I have looked into Intune and that's fine for updates and so on. But I would like to deploy some kind of GPO to them to block certain things, but Intune doesn't do this.

I know I can configure the local GPO, image the PC and then copy that to the remaining 49, but that leaves me unable to change anything and push it out remotely.

Does anyone know if there is an add-on to Intune or other software that will allow me to manage these? I want to be able to lock the PC down as much as possible.
 
That's a lot of PCs to manage not connected to the domain.
Is there any reason they can't be connected to the network, either via DirectAccess or some other VPN software?
 
These will be out in the wild, so to speak. Can that report back over the internet and allow me to control Windows updates, etc.?
 
We don't want them connecting to the network at all, as they are not classed as users, so to speak.
 
I know it's not what you want, but my thinking is: why not have a separate independent domain which all the PCs then connect to via some VPN means, with a backup remote control option like TeamViewer to troubleshoot remote issues?

You could go a step further and have the machines as virtual machines.

Have a look at: https://social.technet.microsoft.co...80f4-865e8fbb05cb/update-group-policy-offline

May help; having a quick skim through, it seems like this is the information you want.

Set up an FTP file server and have the policy auto-downloaded and applied every Friday, as an example, to automate the process of download and import into the machine.
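
The weekly download-and-apply idea in the post above, as an added example (not from the thread or from Microsoft): the script fetches a policy bundle over HTTPS rather than FTP, refuses it unless a signed file catalog checks out, and only then imports it with LGPO.exe from Microsoft's Security Compliance Toolkit. The URL, paths, bundle layout (`gpo-backup\` plus `policy.cat`) and thumbprint are placeholders and assumptions, and the script is meant to run elevated from a weekly scheduled task.

```powershell
# Added example. All names below are hypothetical placeholders, not values from the thread.
$BundleUrl         = 'https://policy.example.org/standalone-policy.zip'  # placeholder host
$WorkDir           = Join-Path $env:ProgramData 'PolicyPull'
$ZipPath           = Join-Path $WorkDir 'policy.zip'
$Extracted         = Join-Path $WorkDir 'bundle'
$BackupDir         = Join-Path $Extracted 'gpo-backup'   # assumed: GPO backup folder in the zip
$CatalogPath       = Join-Path $Extracted 'policy.cat'   # assumed: catalog built over gpo-backup
$LgpoExe           = 'C:\Tools\LGPO.exe'                 # assumed install location
$TrustedThumbprint = '<SIGNING-CERT-THUMBPRINT>'         # placeholder: your signing certificate

$ErrorActionPreference = 'Stop'

# Start from a clean working folder so stale files from last week cannot be imported.
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
if (Test-Path $Extracted) { Remove-Item $Extracted -Recurse -Force }

# Download and unpack the bundle. Nothing is trusted yet at this point.
Invoke-WebRequest -Uri $BundleUrl -OutFile $ZipPath -UseBasicParsing
Expand-Archive -Path $ZipPath -DestinationPath $Extracted -Force

# Check 1: the catalog must carry a valid signature from the expected certificate.
$sig = Get-AuthenticodeSignature -FilePath $CatalogPath
if ($sig.Status -ne 'Valid') {
    throw "Catalog signature status is '$($sig.Status)'; policy not applied."
}
if ($sig.SignerCertificate.Thumbprint -ne $TrustedThumbprint) {
    throw "Catalog signed by unexpected certificate; policy not applied."
}

# Check 2: every file in the backup folder must match the hashes in the catalog,
# which catches modified, added or missing policy files.
$result = Test-FileCatalog -CatalogFilePath $CatalogPath -Path $BackupDir
if ($result -ne 'Valid') {
    throw "Policy files do not match the signed catalog ($result); policy not applied."
}

# Only a verified bundle reaches the import step.
& $LgpoExe /g $BackupDir
if ($LASTEXITCODE -ne 0) {
    throw "LGPO.exe exited with code $LASTEXITCODE."
}
Write-Output "Policy bundle verified and imported at $(Get-Date -Format s)."
```

The catalog would be produced on the admin side with `New-FileCatalog` over the backup folder and then signed, so a tampered server or download cannot push arbitrary local policy to the machines.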
 
We won't be creating a domain there; they have no call to be part of a network. I like the compliance tool; using either Intune or LogMeIn you could download it to the machine and use the command line to install it.
 
Sounds like a lose/lose scenario. You are supposed to support and look after them, but you have no control over them?

As suggested, set up a completely stand-alone domain for these 50 PCs. If they are "in the wild", there are a few fundamentals that need to be in place: connectivity, remote access, hardware support (what happens when a PC dies), Windows updates, antivirus, auditing (just to name a few).
 
We can still do most of that.

They don't need to access the network as they don't store files here. For remote support, the likes of Intune or LogMeIn, for example, allow us to connect to the PC, and if there is a hardware issue they can bring the laptop back in for it to be replaced if needs be.

Windows updates is also covered.

Antivirus etc. is covered by Sophos, which the likes of LogMeIn can report back on if it's out of date or has an issue.

We lock our machines down tight with GPOs on the domain of course, but since they are not connected I wanted to know a way of locking them down using some kind of software.
 
I agree with Rotor, it's a lose/lose.

These machines will have to contact *something*, or how else can you make changes going forward? A combination of a 2nd domain and DirectAccess would give you full control while keeping them at arm's length.
 