
Best practice for shared laptops used for presentations

Hi,

We have several laptops we loan out to users for presentational purposes, PowerPoint mostly. Typically the laptops are loaned out for a day or so.

We have 100 users who potentially could loan out any of these laptops.

It is obviously not feasible to add all users to all laptops..... and the laptops must be encrypted and POA invoked.

Given this scenario, what would be best practice in terms of adding users to the laptop, given a day's notice?

I really want to lessen the burden on the helpdesk too if possible.

Thanks

  • If your laptops are managed by the Safeguard Management Center, and each one of the users has logged onto at least one laptop managed by Safeguard, you could administer them in the Safeguard Management Center?

    Add each one of the users to a new Group in Users and Computers, then click each of the laptops and click on the "Users" tab. Drag the group you created from the "Available users" window on the right of the screen to the list of users on the left of the screen.

    All of the users in that group will then be added as users of that laptop.

    There are a couple of limitations - firstly, at least one person will need to log onto the laptop and connect to the internet to allow Sophos to synchronise the accounts onto it. Secondly, dragging the group only adds the contents of the group to the users tab, rather than the group itself. So you can't add or remove users to that group later and have the laptop automatically update. If you need to add or remove users you will need to do it manually from each laptop.

  • Hi Stu,

    Have you considered rolling out so-called <POA> accounts to the pool of loan notebooks?

    "After SafeGuard Enterprise has been installed and the SafeGuard Power-on Authentication (POA)
    has been activated, access to endpoints to perform administrative tasks may be required. With
    POA users, users (for example members of the IT team) can log on at the SafeGuard Power-on
    Authentication on endpoints for administrative tasks without having to initiate a
    Challenge/Response procedure. There is no automatic logon to Windows. The users logging on
    with POA user accounts log on to Windows with their existing Windows accounts"

    Please see the Admin manual, chapter 19 "POA users for SafeGuard POA logon" (http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sgn_61_h_eng_admin_help.pdf), for full details.

    You could create a POA account group, distribute the account only to the loan machines and provide the machines with the static POA account to your users. They would have to enter the POA Account to be able to boot the machine and authenticate in Windows using their Windows Account credentials.

    You could also centrally rotate the password for the accounts if required.


    Regards,
    Chris

  • Typically what I do for my organization is disable the POA for multi-user laptops, and keep the POA turned on for single-user laptops. It's too much of a pain in the rear to reliably add users to the POA.
