Domain vs Local (The tale of the home/remote user)

There are several releases of Windows but all have a Home version and a Pro(fessional) version. The overall concept is a Pro version has more features to make the computer easier to use in a business/enterprise environment, while the home version has the basic core features providing an operating system that works fine for the individual.

The Home version although cheaper, does not come with the domain features built in, which is underlying problem from a remote user and IT person’s viewpoint. Extra work has to be done to allow the user access to the company network facilities (more rightly the domain).

Unless you have a grasp of the concepts between local and domain user, things can start to get confusing for the user, not only remembering different passwords and becomes a security nightmare for IT and so on.  I could cut this article down by ending it here, saying only purchase Pro versions, but going against “golden rules” it is possible to use local computing within a domain. PROVIDED THE USER AND YOU KNOW THE CONSEQUENCES.

 

The perfect scenario

The company domain requires that the person accessing the domain is recognised. This is done by the bouncer of the domain the domain controller, quite simply if your name is not on the list, you’re not coming in. The user is listed on that domain controller and provided a password, which they can use to get by the bouncer.

The domain controller also has other skills which soften its role to the wedding usher, in that once you’re in it will control (to a degree) where you are allowed to sit in the congregation. Or, more correctly what can and cannot have access to (note there are other factors that can govern this).

Generically there are two base types of domain users:-

Domain admin: These logins are the security pass of the domain, when you log in you have control and the ability to change settings within the domain, this can be to allow access privileges, add devices etc.etc. It makes sense you don’t give domain admin access to lots of folks, simply because they could go around changing settings, without immediately letting other users what they’ve done. It’s an access level that should be held by trusted competent staff.

Domain user: This user is a worker, and therefore has to be given the right tools for the job. The concept being is that they are wrapped in cotton wool to degree, given the access to what they need to complete the task. For example, a production user doesn’t need management or finance information, so they can’t access that information. While a management user may need access to finance to check budgets, so they must cross over into other territory. This can be done easily under a domain.

Control over the domain user allows that user to safely wander about the company network and never into an area they are not supposed to be in. Should they need access to a restricted area it can be requested and provided by the domain admin. This ensure the smooth and safe running of the network domain overall.

 

 

 

The home user ‘threat’.

Although a home version of windows doesn’t come with domain features as standard, it does not prevent that machine from being used on a domain.

And here’s the first disadvantage: The journey through the domain is not a smooth one, unlike a domain account they won’t be presented with the drives that they can access, instead they will have to reference them, and then provide their domain identity, to “prove” they can access.

But certain features will still be unavailable, such as network printers, as they never checked in but sneaked around the DC it never gave them full domain access via policy. The immediate good news security wise is the DC is still the governor and won’t let them wander where they’re not supposed to, provided that their access isn’t domain admin.

And that’s where the problems start users get frustrated and have to start remembering that the document drive P: for example, is actually a directory share off a domain device and is referenced something like

\\machine_name\share_or_directory_name

Although it’s not rocket science, users won’t care that the document drive is really called 192.168.xxx.xxx\finance_documents they just want to access P: drive. Yes, you can create a shortcuts to make it easy to remember, but IT have to provide the name if it’s not known by the user, the link only works when you user is connected to the domain via the company Wi-Fi or remotely by VPN.

The real issue is….

I used the word “threat” in the previous section, at most so far things are a minor irritation to IT and user. But here’s the serious stuff.

When the local machine is set up it’s configured with a local administrator access, and rightly so, as you must install the OS and any applications that you use locally, and here starts the problem.

Unwittingly, let’s say that the user requires a program they need to use (it may well be for business purposes) being a local admin they can download for example adobe pdf reader, but instead of going to the official site, they take one of the many other links that are available, yes the download the application, but they also risk inheriting a load of malware/virus extra’s that they’ve gladly given their permission to as administrator.

AV is not a bullet proof jacket, it can stop most but not all things, and the user allowing things thro as administrator of their own machine as just opened the door to unwelcome quests on their own machine.

Which as we’ve just explained can hop onto the domain, opens up P: drive on the network and your local malware/virus has a whole new section of the menu to start considering to gorge on.

Yes, the domain will have AV, but you’ve forced your way into the domain you’ve possibly sneaked past the protection, and now are running the risk of infecting others, simply by saving files back to the network drives. IT IS THIS THAT IS THE REAL ISSUE

 

Should local machines be allowed?

The scenario above is not limited to enterprise, it’s a serious threat to your company network and others is if you’re a remote user. Although without shadow of a doubt the answer is YES don’t use home versions within a company it’s a sledgehammer to crack a nut solution.

I would put forward that you can safely use home versions within a company, BUT (it’s a big but) you educate and enforce users, it should not be an option to all, and it will create extra work for IT in maintaining such users but here’s the general rules.

Always use a strong AV and scan for infections

Goes without saying, ideally with any BYOD it should be checked by the company IT first to ensure is clean and safe enough to use for company business.

UAC a work account

If you have a local machine, that you need to use for work DON’T USE THE ADMINISTRATOR account. But create a second user account on that machine. Stop and think about what you need for that account and ensure that its loaded/configured by qualified staff, if you’re uncertain ask.

Never store passwords

Two good reasons for this, first one being loss of the machine, or leaving the system accessible, risks others being able to access domain features. The next reason is cached credentials; your local version will remember your domain password. A good network forces users to change the password periodically, so a time will come when you suddenly click on a mapped share you created and you’re asked for your password, you type it in and you’re not allowed access as the domain knows you need to change your password, but your local copy has the old one stored.

‘Fun’ begins and I use the word in inverted commas, as the user doesn’t know what’s going on and IT now have to start unlocking your domain login as the attempted entry with wrong password has locked you out. ! The problem magnifies itself if users start using phones to access email on another device that constantly checks the passwords

The problem can be rectified switching off other devices firstly and with clearing cached credentials on the local machine, so start googling and learning how to do that!

Use RDP / RDS

Safest option is to use the local machine as a simple terminal for office work, don’t use the machine at all for directly working on, but remote desktop to, or call on a remote desktop service to provide you with a domain registered system. There are advantages to this in that a cheap machine can be used as a terminal (so there’s hardware cost savings) which can access a more powerful desktop

Everything is done on the remote machine (be it physical/virtual) and is covered by the network protection. In the case of RDS the VM’s they can be destroyed after their use, so the possible risk of infecting the word macro on that machine is eliminated as its never saved for another user to make use of (again not a bullet proof jacket but a definite extra layer of protection

Advertisements

Linx8 affordable mobile computing

A small bargain price tablet with big value uses.

linx8There are some folks that will snort at the prospect of cheap hardware, and to a degree they’re right! “You get what you pay for”, is a reasonably accurate phrase when buying hardware. Also, there are some “poor quality” devices on the market that really relegate devices to the “toy” section rather then practical for home and work.  But, do you always really need a V8 muscle car as a town run about? Or for the school run? A small budget tablet may not be for everyone with regards to a business machine requirement, but it’s worth taking a look for some business work, especially if you’re a mobile worker,  and you take advantage of Cloud based software, trust me.

Well it was a while ago I ‘won’ in a competition from the very nice folks @microsoftsb a Linx 8 tablet, which I was pleased with, but never really got around to using other than install the OS and my Microsoft account (Truth be known was already using the Toshiba Encore 8 for home and work). But a few weeks ago the need for a spare tablet arose for a work project, and remembering the Linx I dug it out and was highly pleased with the end results with the devices performance , and with the results I obtain in using it.

Although superseded now by a newer larger models, both in screen size and memory, and even OS, the Linx8 is still available to buy, and the OS is upgradeable (if you should so wish) and as I’ll explain quite a handy device to make use of.

Build Quality

First to impress is the feel and look of the device. Yes, it’s a plastic case, but the rubberised edge and back allow for a good hold on the device (and without leaving paw marks!), it’s also a boon if you rest the tablet on your knees and lean to pick something up, the rubberised grip surface on the rear, stops your investment launching to oblivion from your lap like so many other shiny models.

A nice professional black matt finish and incredibily light to hold for any duration of time, the Linx is light, slim and comfortable to work with on the move. At only 8mm thick, its thin but sturdy enough to resist any twist, creaks and groans. I still personally prefer the 8 inch screen over 10 on a tablet when used whilst you’re running about, as its easy to hold in the one hand.

Under the hood

The Linx 8 is a comes with built 1GB memory non expandable, and 32 gb storage the Windows 8.1 with Bing, so you don’t have a Pro operating system but that’s what keeps the price down. There’s ways and means of accessing domain level stuff if you do so need, so missing out on Pro is not as big a problem as it first appears. It’s also 32bit on a x64 processor a slight shame but, the processor is a 1.33Ghz Atom processor the Z3735F which in honesty is quite impressive, and for a small machine allows adequate multitasking of a few tasks without grinding to a halt.

Although you can upgrade the machine to Windows10 the base unit does not hold up well to moving the OS (as Windows10 base requirements have increased since 1067 release). To be honest and as I’ll explain you still can do an awful lot with the machine in its native 8.1 operating system still.

There is an expandable Micro SD slot which on my model has a 64GB card, on which I store the apps, data etc. Leaving the 32gb onboard for the essential OS and occasion apps which fuss about not being on c: drives!

The model also comes with a 12month Office 365 subscription the older Personal version, so an additional £60 worth of software thrown in, adds to the bargain. I’ve since upgraded this to my own Office 365 account, and all of the mainstay applications Outlook, Word, Excel work well even with a small screen, and are responsive enough to do some serious work with. Keeping in touch with the office, being able to work on reports and financial submissions on the go is a distinct advantage.

Screen

Again, in keeping with the price it was never going to be a 4k special. But, the 800 x 1280 TFT LCD provides a high enough quality display for work, and as a switch off it’s a great little screen for watching Netflix  with the addition of the mini HDMI port you can output to a larger screen if you do so wish for presentations etc, and still get a good quality display.

The touch screen is 10 touch points and very responsive, you won’t find yourself jabbing your finger repetitively to get a response form the device. Some may find the screen a tad small for desktop precision, if you have problems I’d suggest you use a touch screen wand/pen as an alternative which  works fine.

Keyboards

If you’re desperate for a physical keyboard, instead of the three onscreen varieties that Windows 8.1 provides, the Linx8 has Bluetooth  to allow you to connect a keyboard, leaving the mini USB free for a mouse should you so wish (or visa versa).

Camera’s

The device has a front and rear facing camera, each of which is only 2MP, again can’t expect miracles for the price. But, the camera is fine for holding skype calls, and as I found out great to use with Office Lens to get default images such as receipts, documents etc with all without getting eye strain!

WiFi

Okay here’s the one minor grumble I found with the device. The device has a single channel Wi-Fi in some circumstances it’s not that great at distance, or pick up on some available Wi-Fi. Again with working here and there I get to notice this, but at home or in the office its solid. When I travel, personally I use my Lumia phone as a Wi-Fi hotspot, and the two are a match made in heaven (time to thank BT for the generous 20gb 4G data allowance!)

So what business can you do with it?

The Linx8 can be a useful piece of equipment for work, granted you’re never going to be rendering 3D or CAD images on it, but is a great little workhorse in that like every tablet, the device is brilliant when you need a computer with you when you’re away from your office desk and usual device. It’s light to carry and it allows you both the tile and desktop interfaces of Windows 8.1

With tablets and no keyboard I’ve a preference for the app over the full blown application, but with the cheap and reliable machine you have the advantage of both

I mentioned the Office365 which comes into its own on long bus/train rides home allowing you the full features to draft documents, produce worksheet reports, catch up with mail and attachments all in a well sized workable screen. My colleagues at another company utilise the Linx 8 with the Access database and have the tablet as a jotter and  terminal for stock control and job checking checking purposes.

Using features such as the RDP app available from the store, it’s a perfect portable terminal/console to use when your away from the desk or machine room, able to connect to the AD, Exchange server what have you, so as to be able to make changes at the location, rather than having to run back to the desk/machine room. When floor walking at work, the tablet is ideal for remotely changing settings for other users (Teamviewer is a great and free app).

The 1GB memory is more than adequate to run an office style VM’s delivered by RDS, so in the event of a laptop failure it can be used as a temporary device delivering an office virtual desktop to work with, or if you need to access your main system from home or other site.

With regards the IT side of its use, I also use two great apps Remote Terminal and Metro Putty for work where  cloud based servers run DMBS, allowing you to work with the TCL /management studio  with great ease, again allowing you to check status’s of servers even correct issues within the DBMS. So again the Linx has a use as a potable terminal/console to work from.

Educational equipment

Let’s face it schools budgets are restrictive on equipment, the Linx is an ideal device for education, cheap, affordable and useful. My colleagues company went and bought 10 of these tablets for the local village school (where his wife works). The budget model gives the school now the ability to teach business computing practices, and let the students explore via the web aiding in delivering education and at a low price.

The USB port and on board Bluetooth will allow keyboard and mouse to be added to make a mini PC as said previously. Or can be used for other connectivity to devices external DVD for loading software for example.

What’s so good about the Linx ?

I never over expected from tablet computing, which is more than likely why the tablet evolved into the two in one, for other people’s requirement for a little more room for more oomph with screen real estate, memory and disk storage, and of course the keyboard. To me tablet computing is on the fly/move work, its short bursts of work needed there and then, not always long arduous sessions. Although with a battery life of approx. 6+ hours that is possible with this tablet.

Like most computer geeks I have a collection of devices, but the Linx is the weekend weapon of choice, when I’m not out and about in at home on the sofa too . I can carry it easily in a coat pocket, and when called on I can work from where ever at weekends provided there’s Wi-Fi  or the trusted hotspot available (including a restaurant with my partner once during an ‘emergency’ (sorry to Louise my other half))

Budget tablets are aimed at the domestic market and its size makes it comfortable as a companion for social media, the skype call to colleagues and friends, perfect for watching the match, a film etc. But the Linx has proven itself in the work environment, and is a fraction of the cost of big brand names like DELL smaller tablets.

As said the Linx8 and the updated Linx810 is been superceeded by newer models introduced this year making use of Windows 10 and having higher 2/4GB RAM and  more 64K storage. Coming in at £200 they’re still cheap and  may be worth your glance, I know I was tempted. But, I can’t really fault the device that I obtained for free from a contest, and now retails for under £99. It’s a perfect tool for mobile SMB use, and thanks again @microsoftSB for opening my eyes to true mobile computing.