0

I am in a bit of a rough spot and I'm hoping that some of you would be able to present me with some options. I have a main office and satellite office where my computer software is updated with a combination of WSUS and GPO Software Assignment. This has worked very well for us, however updating remote worker's laptops are a different beast all together.

In Canada an estimated 80% of the population lives within 100 miles of the US border. This presents a problem with northern portions of the country as the broadband infrastructure is simply not available in many parts. Remote workers who do work in the north frequently dial in to a VPN with internet sticks. Speed is an issue with this (to distribute software) and many of the computers are not attached to the domain when logging in so GPO software installation doesn't work.

I've been digging into ways to try to keep my remote PC's up-to-date but I keep running into dead ends everywhere I turn. This office doesn't have the ability to deploy a sophisticated VPN connection to authenticate to the network before logging into a Windows machine (remote workers log in locally and then connect via VPN), and the speed limitation placed yet another limitation.

Does anyone think I have any options here?

DKNUCKLES
  • 4,028
  • 9
  • 45
  • 60
  • wow that is a problem, we generally handle this by not letting their pc access our resources directly. So that would mean a citrix/rdp solution, they vpn and connect to a citrix/rdp farm so all that needs to be secured is the internal servers. Its a strech I know but otherwise you do have a difficult problem – tony roth Jul 25 '13 at 14:49
  • Another solution that would depend on users being local admin (never do this, and we don't (unless the person basically has only modem speed) ) but you could just send them a cd with the updates. In our case the cd would typically arrive within a day or two they run the install, which would never happen via the network. – tony roth Jul 25 '13 at 15:49

1 Answers1

3

You can use SCCM with a DMZ distribution point to push software out to remote clients that aren't connected to your network. Of course, this doesn't help with the slow/spotty connection, but that will be a problem no matter what. SCCM, at the very least, will retry the download until it's successful.

If SCCM isn't an option, you can look at the Microsoft cloud-based deployment solution called Intune, which is like a slimmed-down SCCM in the cloud.

Short of that, VPN + Remote Desktop Services or RemoteApp might be a better bet so that you don't have to deploy the software at all.

MDMarra
  • 100,183
  • 32
  • 195
  • 326