
Managing Devices without Local Access to a Domain Controller

So your workforce has taken home their desktops and devices in a hurry due to the current pandemic. How do you manage these devices now that they are disconnected from the company network?

One of the first things you have to make sure of is that you know the local credentials for the device. Hopefully these have been set with something like LAPS, or with a standard password that gets changed via GPO. If the user does not have access to the domain, there is no way to use Domain Admin credentials (unless they have been cached) to install the new software needed to connect back to the domain: catch-22!

RMM Tool

All computers managed by a Managed Service Provider (e.g. us at Huon IT) will be connected to a Remote Monitoring and Management (RMM) tool. This enables the MSP to connect to your computer and monitor and manage it. The tool is cloud based, so it doesn't matter where the device is: it remains contactable and configurable.

VPN

For Enterprises that have their , if your users need to access data from the on-premise environment (e.g. to connect to an app server or access files from a file server) they will probably already have this set up.

If not, one solution for managing these devices is to get them to connect back to your network. One of the easiest ways is to install a VPN on these machines, but you will need to set this up in your office, probably on the router, as that is usually free and doesn't require any license. You will need to protect this endpoint with two-factor authentication (2FA), so that if a password is compromised the attacker still does not have access to the corporate network to break further into your systems. Depending on your router make, you may need to set up a RADIUS server and integrate it with a service like Azure MFA using a P1 license.

The VPN should be set to connect automatically, so that whenever the device has an internet connection it connects into the office and checks in. By default a VPN also routes all traffic through the tunnel; if this overloads your connection, you should use something called "split tunneling", which sends only traffic destined for the corporate networks through the VPN.
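The client-side half of the setup above, as an added example rather than anything from the original post: it uses the built-in Windows 10 VpnClient cmdlets to create an L2TP/IPsec connection with split tunneling, adds routes for the corporate subnets, and configures name-based auto-triggering. The connection name, server name, pre-shared key, subnets and DNS details are all placeholders, and L2TP with MS-CHAPv2 (the typical router-based setup, with the router handing authentication to RADIUS/MFA) is an assumption about your gateway.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on the client.
# All values below are placeholders; replace them with your own environment's details.
$ConnectionName = 'Corp VPN'                         # assumed connection name
$VpnServer      = 'vpn.example.com'                  # placeholder public name of the office router
$L2tpPsk        = 'REPLACE-WITH-YOUR-PSK'            # placeholder IPsec pre-shared key
$CorpSubnets    = @('10.0.0.0/8', '192.168.50.0/24') # placeholder corporate address ranges
$InternalSuffix = 'corp.example.local'               # placeholder internal DNS suffix
$InternalDns    = '10.0.0.10'                        # placeholder internal DNS server

# Create a per-user connection. -SplitTunneling means only the routes added below
# go through the tunnel; everything else (web browsing etc.) uses the home link.
# Password authentication is MS-CHAPv2; the router is assumed to forward it to RADIUS,
# where a second factor (e.g. Azure MFA) is enforced.
Add-VpnConnection -Name $ConnectionName `
    -ServerAddress $VpnServer `
    -TunnelType L2tp `
    -L2tpPsk $L2tpPsk `
    -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required `
    -SplitTunneling `
    -RememberCredential `
    -Force

# With split tunneling enabled, nothing is routed over the VPN until routes exist,
# so add one for each corporate subnet.
foreach ($prefix in $CorpSubnets) {
    Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix
}

# Auto-connect: bring the tunnel up whenever a name under the internal suffix is
# resolved, and send those lookups to the internal DNS server over the tunnel.
Add-VpnConnectionTriggerDnsConfiguration -ConnectionName $ConnectionName `
    -DnsSuffix $InternalSuffix -DnsIPAddress $InternalDns -Force

# Treat the office LAN as a trusted network so the VPN stays down when the device
# is back on-premises (detected via the DNS suffix handed out by office DHCP).
Add-VpnConnectionTriggerTrustedNetwork -ConnectionName $ConnectionName `
    -DnsSuffix $InternalSuffix -Force

# Verify the profile that was created.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, SplitTunneling
```

Name-based triggering only brings the tunnel up when something on the device talks to the internal namespace; a true Always On profile (connected at logon regardless of activity) has to be deployed as a ProfileXML through Intune or another MDM rather than through these cmdlets.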

Intune

Intune is the simplest and best option: your devices check in to a cloud-managed monitoring and management system that is included with an M365 license, and it can be configured to work in Hybrid mode, meaning that whether they are in or out of the office you can monitor them with the right tools!