Quick access to a PC on a domain
-
So I've had a request to lengthen the timeout period before Windows auto locks the PC and forces the user to enter their password.
It's currently set to Windows 10's default of 10 min.
Someone else suggested that there might be a product that I could give my doctors so they could log in faster.
Current setup:
We have around 10 PCs with a shared logon for the windows profile, the doc bellies up, loads their dragon profile, launches Chrome to gain access to the EHR, logs into the EHR.Desired setup:
Faster access to the desktop. If the price isn't crazy, they might be sold on logging in individually - but unless loading the profile is 15 seconds or less, I don't seem them liking this (this is why we have a single shared profile now - not to mention roaming profile issues).Thoughts, suggestions?
-
So a few technologies that come to mind are finger print readers and smart cards. At 10 machines managing this one machine at a time for 10 doctors would be an extremely painful experience (the smart cards being slightly better because I could just borrow the card from each doc to register as needed, can't exactly borrow fingerprints without showing how crappy fingerprints really are at security).
So a solution that allows centralized administration of this would be highly desired.
-
What about proximity sensors that unlock it as soon as they get close? Or face readers that unlock it when it sees them looking at the screen?
-
@scottalanmiller said in Quick access to a PC on a domain:
What about proximity sensors that unlock it as soon as they get close? Or face readers that unlock it when it sees them looking at the screen?
Either could be fine, again, as long as they support some type of central authentication (even if it's pushed out via salt, or it's elk).
-
@scottalanmiller said in Quick access to a PC on a domain:
What about proximity sensors that unlock it as soon as they get close? Or face readers that unlock it when it sees them looking at the screen?
Do you have a product recommendation?
-
@dashrender said in Quick access to a PC on a domain:
@scottalanmiller said in Quick access to a PC on a domain:
What about proximity sensors that unlock it as soon as they get close? Or face readers that unlock it when it sees them looking at the screen?
Do you have a product recommendation?
No, I just know that they exist and Microsoft has demonstrated them.
-
@dashrender said in Quick access to a PC on a domain:
@scottalanmiller said in Quick access to a PC on a domain:
What about proximity sensors that unlock it as soon as they get close? Or face readers that unlock it when it sees them looking at the screen?
Do you have a product recommendation?
I'm guessing that your computer isn't new enough to support Windows Hello?
-
@dashrender said in Quick access to a PC on a domain:
@scottalanmiller said in Quick access to a PC on a domain:
What about proximity sensors that unlock it as soon as they get close? Or face readers that unlock it when it sees them looking at the screen?
Either could be fine, again, as long as they support some type of central authentication (even if it's pushed out via salt, or it's elk).
Authentication is separate from the login mechanism.
-
@kelly said in Quick access to a PC on a domain:
@dashrender said in Quick access to a PC on a domain:
@scottalanmiller said in Quick access to a PC on a domain:
What about proximity sensors that unlock it as soon as they get close? Or face readers that unlock it when it sees them looking at the screen?
Do you have a product recommendation?
I'm guessing that your computer isn't new enough to support Windows Hello?
Oh yeah, Windows Hello. I knew that they had a name for it.
-
@kelly said in Quick access to a PC on a domain:
@dashrender said in Quick access to a PC on a domain:
@scottalanmiller said in Quick access to a PC on a domain:
What about proximity sensors that unlock it as soon as they get close? Or face readers that unlock it when it sees them looking at the screen?
Do you have a product recommendation?
I'm guessing that your computer isn't new enough to support Windows Hello?
Desktops - so even new wouldn't matter. Extra hardware would/is required.
-
@scottalanmiller said in Quick access to a PC on a domain:
@dashrender said in Quick access to a PC on a domain:
@scottalanmiller said in Quick access to a PC on a domain:
What about proximity sensors that unlock it as soon as they get close? Or face readers that unlock it when it sees them looking at the screen?
Either could be fine, again, as long as they support some type of central authentication (even if it's pushed out via salt, or it's elk).
Authentication is separate from the login mechanism.
OK that's fair - the use of a device would need to be centrally admin'ed. i.e. I don't want to have to manage 10 prox cards for 10 devices around the network manually.
-
-
We've used some RFIdeas stuff in the past.
The one we have used basically returns keystrokes corresponding to a matched card. If my card is detected, it would fire the keystrokes for my username and password. You don't need to centrally manage anything as you write the credentials to the card and the reader is just the interface. If they lose the card or need a password change, you give them a new card or rewrite the existing card. Not sure how any of this plays with HIPAA stuff though...
They also have USB proximity sensors for auto-logout if that's something else you want.
-
@dashrender said in Quick access to a PC on a domain:
r access to the desktop. If the price isn't crazy, they might be sold on logging in individually - but unless loading the profile is 15 seconds or less, I don't seem them liking this (this is why we have a single shared profile now - not to mention roaming profile issues).
We have prox/hid cards here, shared logins is a no no.
-
You will need to make sure that your device supports TMP 2.0 to be able to use Windows Hello.
-
@dbeato said in Quick access to a PC on a domain:
@dashrender said in Quick access to a PC on a domain:
r access to the desktop. If the price isn't crazy, they might be sold on logging in individually - but unless loading the profile is 15 seconds or less, I don't seem them liking this (this is why we have a single shared profile now - not to mention roaming profile issues).
We have prox/hid cards here, shared logins is a no no.
The shared logon is for Windows only.. no data access.
Making each user log in separately would mean loading a profile each time, this is highly undesirable. These machines are Windows 10 4th gen i5 with 8 GB RAM (I think, could be 4 GB) with SSD drives.
-
@kelly said in Quick access to a PC on a domain:
You will need to make sure that your device supports TMP 2.0 to be able to use Windows Hello.
I could have sworn I read some different articles that say if no TPM 2.0, that it would still work in all software, less secure, but still doable.?
-
@dashrender said in Quick access to a PC on a domain:
@kelly said in Quick access to a PC on a domain:
You will need to make sure that your device supports TMP 2.0 to be able to use Windows Hello.
I could have sworn I read some different articles that say if no TPM 2.0, that it would still work in all software, less secure, but still doable.?
Maybe not: https://docs.microsoft.com/en-us/windows/device-security/tpm/tpm-recommendations.
-
-
@dashrender said in Quick access to a PC on a domain:
Yeah, that is what I was referring to. I'm realizing my post was a bit ambiguous...