If your company uses certificates for authentication, secure data exchanges, or both, be sure to configure the connection appropriately. If you're providing instructions to a user who is creating a dial-up connection, you need to explain how to use the Microsoft Management Console (MMC) Certificates snap-in's Certificate Request Wizard to request a certificate the first time the user logs on through the new connection. The user will also need instructions about how to create a new dial-up connection to use the new certificate.
To make life easier for these users, preload the Certificates snap-in on all corporate laptops before you turn them over to users. To do so, choose Run from the Start menu and type
mmc
This action opens a new console. Select Console, Add/Remove Snap-in from the console's menu bar (or press Ctrl+M), then click Add in the Add/Remove Snap-in dialog box. In the Add Standalone Snap-in dialog box, select Certificates, then click Add. The resulting Certificates snap-in dialog box offers three options for the entity this snap-in will manage: My user account, Service account, and Computer account. Depending on your company security policies, select My user account or Computer account, then click Finish. Click Close in the Add Standalone Snap-in dialog box, then click OK in the Add/Remove Snap-in dialog box. The Certificates snap-in is now loaded in MMC.
Next, expand the Certificates object and select the appropriate certificate category in the console (i.e., left) pane. Double-click the necessary certificate in the right pane to see detailed information, to configure Properties, or to copy the certificate to a file. Depending on the certificate type you've selected and the available configuration options, finish configuring the console to match your company requirements, then save the console.
Incidentally, if high-level security is important for your mobile users, I suggest you consider using smart cards. (For more information about using certificates, see "Related Articles in Previous Issues." For information about security in wireless environments, see Steve Milroy, "Wireless Security Considerations, Part 1," http://www.winnetmag.com, InstantDoc ID 21226, and "Wireless Security Considerations, Part 2," http://www.winnetmag.com, InstantDoc ID 21377.)
Upgrading Mobile Computers
In addition to completing configuration tasks when your company's mobile systems first go into action, you need to develop intelligent methods for including portable computers in companywide OS, service pack, or application upgrades. You might use network share points for desktop-client upgrades, but that method doesn't work well for remote users. Even with a high-bandwidth connection, performing such an installation is risky. (I've seen connection problems at both server and client ends, inappropriate client actions—which are difficult to diagnose and fix in long-distance mode—and other problems that seem to haunt such long-distance procedures.)
The best (and safest) practice is to recall laptops and perform inhouse upgrades. That way, you can use a CD-ROM or the network share point. The second-best practice is to create a set of custom installation files, burn them on a CD-ROM, then ship the CD-ROM to the mobile user. In this case, use the appropriate Win2K installation procedures to preload as much information as possible on the CD-ROM, thus minimizing user interaction. Provide a README file with simple, specific instructions. Be sure your Help desk personnel are trained to interact with users who might seek help with the upgrades, and make available to your Help desk folks a database with detailed information (e.g., components, software) about every portable computer.
Hotfixes tend to be small files that rarely require users to answer questions or make decisions, so you can let mobile users download and install those files through the company VPN, FTP site, or network share point. Provide users specific instructions through email or through a README file on the FTP site or share point. Many users require a lot of hand-holding for these types of processes, but you can send more confident users an email message specifying which hotfix you want them to install and where to find it on the Microsoft Web site. In all events, be sure to give users the hotfix's exact filename, not some vague instruction to "download the hotfix that covers that ugly green icon bug thingy."
Using Offline Files
Another tool that you can encourage mobile users to use is Win2K's Offline Files feature, which ensures that users are working with the latest versions of any files that reside on the company network. Mobile users can use this feature to download a file or folder and configure it as an offline object. When the user reconnects to the network, he or she can synchronize the offline copy (which includes any changes the user has made) with the network-based copy.
Win2K provides a wizard to help users set up and configure the Offline Files feature. Give mobile users well-written instructions about using the wizard, and tell them which network folders hold files that they can—or can't—work with offline. For example, network folders that hold your research department's plans and designs aren't good candidates for offline access. To be on the safe side, you can configure such a folder to be inaccessible for offline work. To do so, open the folder's Properties dialog box, go to the Sharing tab, click Caching, then clear the option that permits caching of files. Or simply prevent access to the folder by changing permissions to exclude mobile users or by locating the folder in a protected network location.
Prev. page
1
[2]
3
next page 
