hot potato workers

Dashrender

Even though I said shared logons likely won't work - I'm going to start there with one possibility.

With a shared logon to Windows - anybody could sit down and just start using the machine.

Since there is only the one shared user - the scanner should always work, and the same goes for the printers - they'll just be mapped under this shared user. This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.

our apps are all web based - so shortcuts, favorites, etc can be made for the ones needed on this computer.

The catch is the locking of the computer - you can't lock a computer and have any real security in a shared user situation. Therefore any time you left eyesight of the computer, you'd have to log out of all of your apps, close Lastpass, etc - go do whatever, then come back and log back into all your stuff. - That idea won't go over well.

Dashrender

Another idea is and RDS setup.

My biggest concern about this is the scanner. I have no idea if it will work in a multi-user environment like RDS. In fact I doubt it will since it won't work in a multi-user environment like Windows 10.

There are replacement solutions for the insurance card scanner that might work in an RDS situation.

RDS is nice because it just follows the user around where ever they login. But I wouldn't want my non Front desk staff to be using the RDS session unless they were at the Front Desk. This potentially means creating two Windows profiles for them.

gjacobse

Since I know the application ( I believe) - is this (application) direct or via an RDP session?

Dashrender

@gjacobse said in hot potato workers:

Since I know the application ( I believe) - is this (application) direct or via an RDP session?

There is not RDP/RDS in this situation. Everything runs from a local browser/app.

If by application you mean athenaNet - that's one of many.

The scanner application is Inuvio's ScanSharp.
Web logons are:
athenaNet
M365
Paycom - timeclock
payaconnect - CC processor

gjacobse

@dashrender said in hot potato workers:

Web logons are:
athenaNet

Interesting - so you are not using a RDP session to host the AthenaNet as an additional security layer?

Dashrender

@gjacobse said in hot potato workers:

@dashrender said in hot potato workers:

Web logons are:
athenaNet

Interesting - so you are not using a RDP session to host the AthenaNet as an additional security layer?

No - are you? And assuming you are - how do you handle insurance card uploads, paperwork uploads, local device attachment, etc? i mean I know RDS can map in a USB port, perhaps that works pretty good today - not so much in the past.

gjacobse

@dashrender said in hot potato workers:

@gjacobse said in hot potato workers:

@dashrender said in hot potato workers:

Web logons are:
athenaNet

Interesting - so you are not using a RDP session to host the AthenaNet as an additional security layer?

No - are you? And assuming you are - how do you handle insurance card uploads, paperwork uploads, local device attachment, etc? i mean I know RDS can map in a USB port, perhaps that works pretty good today - not so much in the past.

We have a number of Ambir Scanners for insurance / id cards... working 'fine' in the RDP

Dashrender

@gjacobse said in hot potato workers:

@dashrender said in hot potato workers:

@gjacobse said in hot potato workers:

@dashrender said in hot potato workers:

Web logons are:
athenaNet

Interesting - so you are not using a RDP session to host the AthenaNet as an additional security layer?

No - are you? And assuming you are - how do you handle insurance card uploads, paperwork uploads, local device attachment, etc? i mean I know RDS can map in a USB port, perhaps that works pretty good today - not so much in the past.

We have a number of Ambir Scanners for insurance / id cards... working 'fine' in the RDP

Tell me about your RDP environment - does each person have their own full windows 10 desktop in Azure? or is it an RDS server?

I don't use ambir's software, I'll have to take a look at it.

gjacobse

I believe this to be the current model deployed:
Ambir ds687

gjacobse

@dashrender said in hot potato workers:

@gjacobse said in hot potato workers:

@dashrender said in hot potato workers:

@gjacobse said in hot potato workers:

@dashrender said in hot potato workers:

Web logons are:
athenaNet

Interesting - so you are not using a RDP session to host the AthenaNet as an additional security layer?

No - are you? And assuming you are - how do you handle insurance card uploads, paperwork uploads, local device attachment, etc? i mean I know RDS can map in a USB port, perhaps that works pretty good today - not so much in the past.

We have a number of Ambir Scanners for insurance / id cards... working 'fine' in the RDP

Tell me about your RDP environment - does each person have their own full windows 10 desktop in Azure? or is it an RDS server?

I don't use ambir's software, I'll have to take a look at it.

Using a RDS Balancer, so you can use the same server for days and then get kicked to a different one,... a total of 15 RDS servers.

Dashrender

@gjacobse Are you doing full desktops or only deploying the browser for athenaNet?

gjacobse

@dashrender said in hot potato workers:

@gjacobse Are you doing full desktops or only deploying the browser for athenaNet?

Full Desktop

JaredBusch

@dashrender said in hot potato workers:

This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.

But it won't be logged in to the right user.

Browser sessions won't be the right user.

Just an all around bad idea.

Dashrender

@jaredbusch said in hot potato workers:

@dashrender said in hot potato workers:

This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.

But it won't be logged in to the right user.

Browser sessions won't be the right user.

Just an all around bad idea.

LP will be set to log out upon the browser closing -

There's only so much I can do for the users - They have to log out of Outlook, they have to log out of athena - they need to close the browser or log out of LP... so that's really not a big concern in my mind.

IF - IF they can log out those things.. this is not an issue. tons of places use shared computers with the full expectation that once you are done YOU will log out when finished to prevent the next person getting access to your crap.

JaredBusch

@dashrender said in hot potato workers:

@jaredbusch said in hot potato workers:

@dashrender said in hot potato workers:

This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.

But it won't be logged in to the right user.

Browser sessions won't be the right user.

Just an all around bad idea.

LP will be set to log out upon the browser closing -

There's only so much I can do for the users - They have to log out of Outlook, they have to log out of athena - they need to close the browser or log out of LP... so that's really not a big concern in my mind.

IF - IF they can log out those things.. this is not an issue. tons of places use shared computers with the full expectation that once you are done YOU will log out when finished to prevent the next person getting access to your crap.

Force Edge to always use porn mode. That should help.

Dashrender

@jaredbusch said in hot potato workers:

@dashrender said in hot potato workers:

@jaredbusch said in hot potato workers:

@dashrender said in hot potato workers:

This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.

But it won't be logged in to the right user.

Browser sessions won't be the right user.

Just an all around bad idea.

LP will be set to log out upon the browser closing -

There's only so much I can do for the users - They have to log out of Outlook, they have to log out of athena - they need to close the browser or log out of LP... so that's really not a big concern in my mind.

IF - IF they can log out those things.. this is not an issue. tons of places use shared computers with the full expectation that once you are done YOU will log out when finished to prevent the next person getting access to your crap.

Force Edge to always use porn mode. That should help.

that helps as long as the browser is closed when the user is finished -

gjacobse

Not done the comparison - but we use SecureDen.. The group (about seven of us) see the same thing, get MFA'd ...

JasGot

@jaredbusch said in hot potato workers:

Force Edge to always use porn mode. That should help.

Helpful Hint: Don't google: "Edge Porn Mode"

gjacobse

@jasgot said in hot potato workers:

@jaredbusch said in hot potato workers:

Force Edge to always use porn mode. That should help.

Helpful Hint: Don't google: "Edge Porn Mode"

LOL... That so makes me want to. But No. Pass.

JaredBusch

@dashrender said in hot potato workers:

@jaredbusch said in hot potato workers:

@dashrender said in hot potato workers:

@jaredbusch said in hot potato workers:

@dashrender said in hot potato workers:

This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.

But it won't be logged in to the right user.

Browser sessions won't be the right user.

Just an all around bad idea.

LP will be set to log out upon the browser closing -

There's only so much I can do for the users - They have to log out of Outlook, they have to log out of athena - they need to close the browser or log out of LP... so that's really not a big concern in my mind.

IF - IF they can log out those things.. this is not an issue. tons of places use shared computers with the full expectation that once you are done YOU will log out when finished to prevent the next person getting access to your crap.

Force Edge to always use porn mode. That should help.

that helps as long as the browser is closed when the user is finished -

Fixes the issues you raised, which are also user management issues.

So simply make the policy close the fucking browser.