Hey everyone,
We're currently transitioning from using non-managed clients with a TS Farm in the background to local machines on managed clients. I've successfully joined these machines to our local Active Directory using Entra AD Connect and am migrating several applications from the TS Farm.
However, I've hit a bump when it comes to our Windows 11 notebooks. They run locally, and while we have baselines set for them, I'm struggling to find a way to save local folders like the Desktop and Documents without syncing them to OneDrive. The notebooks connect to the company via VPN after users authenticate.
How do you guys handle Documents and Desktop management for AD-joined mobile devices without redirecting folders? Right now, I'm advising them to store their important files on the company fileserver instead.
3 Answers
You might want to consider adding the notebooks to your domain and using Group Policy to restrict access to the C: drive. You can set up folder redirection to point to your fileshare or OneDrive instead. We do something like that using DFS with our file server, restricting access to only what's necessary.
We utilize folder redirection with offline file support. This setup works well since our employees are usually in the office once a week for wired access. Our Mobile Device Management restricts their devices to just connect to the RDS farm, keeping it simple.
Honestly, it’s all about creating a solid policy and procedure. I've trained my team not to save important files locally. The first time a device fails and they lose their data, they'll wish they listened!
Exactly! I’ve also told my guys that if they need files secure, they should save them in offline folders that sync after they connect via VPN or log in on the company network. It's a bit of a hassle, but it keeps things secure.
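To check which notebooks actually follow the approaches discussed in the answers above, here is an added example (not code from any poster in this thread) that reports, for the signed-in user, whether Desktop and Documents sit on a file share, inside OneDrive, or only on the local disk, together with the Offline Files state. The function names `Get-FolderLocationType` and `Get-KnownFolderAudit` are hypothetical, and the script assumes it runs in the user's own session, for example from a logon script.

```powershell
# Added example: classify where Desktop and Documents live for the current user
# and report whether Offline Files (client-side caching) is switched on.

function Get-FolderLocationType {
    param([string]$Path)

    if ([string]::IsNullOrEmpty($Path)) { return 'Unknown' }

    # A UNC path means the folder is redirected to a file share or DFS namespace.
    if ($Path.StartsWith('\\')) { return 'FileShare' }

    # The OneDrive client sets these variables in the user's environment once signed in.
    foreach ($root in @($env:OneDriveCommercial, $env:OneDrive)) {
        if ($root -and $Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            return 'OneDrive'
        }
    }

    # Anything else exists only on this notebook's disk.
    return 'Local'
}

function Get-KnownFolderAudit {
    $known = [ordered]@{
        Desktop   = [Environment+SpecialFolder]::DesktopDirectory
        Documents = [Environment+SpecialFolder]::MyDocuments
    }

    # Win32_OfflineFilesCache exposes the Offline Files state; $null if unavailable.
    $csc = Get-CimInstance -ClassName Win32_OfflineFilesCache -ErrorAction SilentlyContinue

    foreach ($name in $known.Keys) {
        $path = [Environment]::GetFolderPath($known[$name])
        $type = Get-FolderLocationType -Path $path
        [pscustomobject]@{
            Computer            = $env:COMPUTERNAME
            User                = $env:USERNAME
            Folder              = $name
            Path                = $path
            Location            = $type
            OfflineFilesEnabled = [bool]$csc.Enabled
            OfflineFilesActive  = [bool]$csc.Active
            LocalOnly           = ($type -eq 'Local')   # lost if the device fails
        }
    }
}

Get-KnownFolderAudit | Format-Table -AutoSize
```

Rows with `LocalOnly` set to `True` are the folders that would be lost with the device; a `FileShare` row with `OfflineFilesEnabled` set to `False` means the user has no copy of those files while off the VPN.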