Installing in an environment where the customer will need a "managed" environment: systems that are imaged, prepped for deployment "anywhere", and will never reach back into the environment at HQ and check in. They will be forever out in the wild as "free range", but encrypted of course :)
These systems won't ever be on the same network as the server, won't ever talk to the server after their first "check in" before they are given to someone to take with them and won't ever be seen again on the network until the system returns and is reimaged for the process all over again.
There have been some strong debates over unmanaged vs. managed. Key recovery will be a process owned by a helpdesk scenario where, if a user with one of these systems calls in for issues, they'll have to be remotely supported and supportable, since the system can't use VPN or reach back into the home HQ network.
Hopefully others can chime in on settings or configurations that can lend a view one way or the other and make this process as easy as possible to support and move forward with.
Additionally, these endpoints will need to be upgraded remotely (software on the systems will provide for remote desktop support from a different vendor), so if a client endpoint install can be transferred to the system and the configuration file upgraded (and scripted), that would be wonderful. Even if a script or process isn't available, if it's feasible I'll be building the process to support that option.
Thanks for all input. The things described above aren't flexible; they are the situation the customer is in, and any suggestions to ask them to change will not be met with approval from the customer side.
Additional important notes: No AD is used; it will be all local computer accounts on every system, and no GPO.