Reply to post: Re: Your Great Aunt Duluth lives in Martha's Vineyard?!?

At last, the fix no one asked for: Portable home directories merged into systemd

StargateSg7

Re: Your Great Aunt Duluth lives in Martha's Vineyard?!?

"....No, but I hear the drums Fernando...."

Abba!

'nuff said!

...

ANYWAYS --- I've had this option for home profiles since 1999 on Windows 2000 !!!

We call it ROAMING PROFILES !!!!

And so long as you have STRICT Group Policies in place, you will have NO issue with having people do their work on ANY local compute device (a laptop, a tablet, a phone or a desktop!) and resyncing that local data with the user's master home profile at work!

I've been able to have users log in and run corporate jobs on ANY available laptop or desktop PC using their own roaming home folder profile since 1999 and we have had complete encryption and securing of profile and work data using a set of well-thought-out group policy standards signed off by higher ups. We used to even do that with Windows Server NT 3.5 in 1995 when you had to kludge together custom domain access rules using batch files to ensure hard drive and communications port security and encryption!

I was lucky that I had a TOP-NOTCH SysAdmin supervisor who really knew their stuff from their banking-specific IBM Mainframe shop days and KNEW something about real-world security! Whole Drive and Network Folder Encryption plus ENFORCED file access control and folder security was put in from DAY ONE when he was hired! And 128-bit encrypted local area network and wide area network communications started a few months after in late 1995! The corporate big-wigs were smart enough to give him carte-blanche to spend whatever he needed to ENSURE communications and drive security and common end-user network-usage safety training which predated today's 2020's-era anti-phishing training!

THE KEY ISSUE was ensuring that data and hardware/software security is ABLE to be properly implemented by getting the company to pay for FAST internet connections no matter WHERE we are in the world AND making sure end-users had top-notch hardware to make it run fast enough that end-users don't notice the overhead! AND THEN have enough ENFORCED end-user seminars to ensure that users are well-educated about local and network security with some extra anti-virus/anti-phishing education.

Sometimes you are LUCKY and have the company big-wigs on your side (in my case that was a BIG YES!) so while widespread security is MOST DEFINITELY DOABLE, it needs big-wig buy-in and some very loose corporate purse-strings!

.

Soooooooooo......

Secure Group Policy +

High Bit-Length Whole Drive and Individual File and Folder Encryption +

Centralized File/Folder Access Control Settings +

Secure Card + Username + Long Password-based Account and File/Folder Access Control +

End-user Computer Security Education +

Monthly Server Full Image Backups on All-Drives Stored Locally and Off-Site +

Monthly All End User Devices Full Image Backups on All-Drives Stored Locally and Off-Site +

After-Hours Daily Master Servers and All End-User Desktops/Laptops Multi-Drive Data Backups Stored Locally and Off-Site +

Every 6-hour User Home Folder and Documents Folder Backups Stored Locally and Off-Site +

= INFORMATION SECURITY BLISS !!!!!!!

AND from experience, I can recover an entire server from image backups and daily backups onto NEWLY purchased CLEAN hardware in less than 1.5 hours! I can usually recover end-user systems in less than one hour from an offsite remote restoration server if their hardware just needs a mere wipe and restore! (We use FAST SSDs and fast 10 Gigabit Ethernet for most workstations!)

If a user loses their work during the day, they tend to lose only a maximum of about 6 hours of data from the last automated every-6-hour-backup file (usually from the 9am backup) which they can access/restore themselves via a secure-card plus username/password-based access control to the backup/restore servers.

We also educate end-users to back up files every few minutes using their application's backup settings OR we set up an automated ZIP-file backup batch job that runs to save local temp files and end-user application/document files every 30 minutes to one hour so they don't lose too much work if their app or desktop crashes!

.

YES! We know not every company is this diligent BUT you too can use this advice to implement some SAFE and SECURE computing infrastructure and IT security policies at ALL YOUR sites!!! (i.e. at home and/or at work!)

.
