On 28/05/2020 12:08, Susan Coupar wrote:
> Hi
>
> I have been looking at Autopilot to allow us / our supplier to build
> laptops off site and get them delivered directly to staff’s home
> addresses ready for use. The stumbling block I have come across is
> that we currently hybrid join devices and you can’t do this without
> access to a domain controller which is not available off site.
>
> So we have pretty much ruled this out for now as we are not ready to
> start moving devices to pure AAD yet.
>
> How are others dealing with building laptops off site just now? We
> use normally use SCCM to build and have just deployed Always on VPN
> (User Tunnel only) for connection but don’t have an SCCM cloud
> gateway server and all our certificates etc are pushed through group
> policy.
We've considered the offline domain join mechanism, but in the end went
with establishing a VPN to our hardware supplier. They apply the image
to the machines on their network, then swap to (effectively) our network
for the domain join onwards.
Essentially where previously they applied the image and the completion
steps (domain join onwards) took place after the device was delivered to
campus, those completion steps now also take place while the device is
still at the supplier.
We are interested in getting more general solutions working though, and
I think there are plans to experiment with DirectAccess or other
machine-level always-on VPN.
One issue is that we won't necessarily know machines or machine names in
advance, so what we were looking at for offline domain join was some
other channel (probably secure FTP) to pass the machine info up, then
have a process at our end generate the domain join blob which the
machine could then download. But, no point in that until DirectAccess or
similar is in place.
Mike
--
Mike Sandells
The University of Liverpool - Computing Services Department
Email: [log in to unmask] (*Preferred*) - Phone: 0151 794 4437
http://www.liverpool.ac.uk/csd
########################################################################
To unsubscribe from the WINDOWS-UK list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=WINDOWS-UK&A=1
This message was issued to members of www.jiscmail.ac.uk/WINDOWS-UK, a mailing list hosted by www.jiscmail.ac.uk, terms & conditions are available at https://www.jiscmail.ac.uk/policyandsecurity/
|