hot potato workers
-
@gjacobse said in hot potato workers:
@jasgot said in hot potato workers:
But RDP is not an option. (yet!)
in
hisenvironment - I don't think RDS would ever be an option. The infrastructure changes needed are quite involved.Well - I'm the one who tossed out the idea of using RDS/RDP in the first place for this particular situation.
And since your ambir scan's are working withe TSScan, we could switch to those for the insurance card scanning if the solution fit within our requirements.
-
athenaNet recently added the ability to do direct scanning from within the chart (before that, the only option was - scan to a file, then upload that file through the uploader). using either TWAIN compliant or Snapscan scanners.
Sadly as mentioned repeatedly above, athena specifically blocks the use of network attached twain scanners.
Making matters worse, the process for getting an insurance card into athena is yet another process.
The insurance card is scanned (typically using Inuvio or Ambir scan software) to c:\card\cardab.jpg.
The athena add-on software (athena device manager) will - when the correct button is pressed inside athena - look to that directory and if a file is there by that exact name - check how old the file is. If it's more than 5 mins old - it will warn the user that this file is more than 5 mins old and are you sure it's the correct one? - assuming you choose upload anyway - the jpg is uploaded into athena.This process makes it extremely painful to use a single device to scan files AND insurance cards into athena from a single device. In the case of scanning, the twain driver is used. in the case of the insurance card - local scanning software must be used to place the image into c:\card.
-
Okay. Let's look again at the idea of a script to kill and restart the software. Once you have a script working that can kill the software on demand, and start the software on demand. move the script to a GPP.
Use GPP (Group Policy Preferences) to create scheduled tasks that uses the "On workstation lock" and "On workstation unlock" event to trigger your script.
-
@jaredbusch said in hot potato workers:
@dashrender said in hot potato workers:
This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.
But it won't be logged in to the right user.
Browser sessions won't be the right user.
Just an all around bad idea.
I'm back to working on this for a bit and re-reading the thread.
The browser would be set to clear cache upon closing and LP would be set to log out upon closing.So browser sessions shouldn't be an issue for either LP or any of our web apps.
-
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@dashrender said in hot potato workers:
This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.
But it won't be logged in to the right user.
Browser sessions won't be the right user.
Just an all around bad idea.
LP will be set to log out upon the browser closing -
There's only so much I can do for the users - They have to log out of Outlook, they have to log out of athena - they need to close the browser or log out of LP... so that's really not a big concern in my mind.
IF - IF they can log out those things.. this is not an issue. tons of places use shared computers with the full expectation that once you are done YOU will log out when finished to prevent the next person getting access to your crap.
Force Edge to always use porn mode. That should help.
that helps as long as the browser is closed when the user is finished -
an additional concern here is getting add-ons, like Lastpass, to work in porn mode.
-
@jasgot said in hot potato workers:
Okay. Let's look again at the idea of a script to kill and restart the software. Once you have a script working that can kill the software on demand, and start the software on demand. move the script to a GPP.
Use GPP (Group Policy Preferences) to create scheduled tasks that uses the "On workstation lock" and "On workstation unlock" event to trigger your script.
Good idea - though I'm guessing logon is not the same as workstation unlock, so I'd need a third option there for a new user logging in while the station is locked for a previous user.
-
Something new I just discovered, M365 Business Premium includes Azure Virtual Desktop.
I need to dig into this more, but if it's what I think it is, and RDS session, This lower price might make it make sense to use.
-
@dashrender said in hot potato workers:
I need to dig into this more, but if it's what I think it is, and RDS session, This lower price might make it make sense to use.
Their docs refer to it as VDI, so it's either RDS or something that acts like RDS. But would be crazy not to be RDS given that it is MS' own solution.
-
@dashrender said in hot potato workers:
M365 Business Premium
You already have Premium? Or you are just looking at the upgrade delta?
It's funny, in Central America "premium" is used as a derogatory term. It's funny to hear it in product names.
-
@scottalanmiller said in hot potato workers:
@dashrender said in hot potato workers:
I need to dig into this more, but if it's what I think it is, and RDS session, This lower price might make it make sense to use.
Their docs refer to it as VDI, so it's either RDS or something that acts like RDS. But would be crazy not to be RDS given that it is MS' own solution.
More specifically I'm trying to determine the limitations?
They just started offering full Windows desktops to businesses a month or so ago through some other, non Azure plan - but the prices I saw were like starting at $80/user/month. A VM could be configured with more resources and the price was much higher.
I'm trying to figure out what you get here as part of your $20/m/u subscription - if you get a full RDS session, then the other pricing seems way out of wack.
Gene mentioned that they pause their RDS sessions at night to save on Azure costs - So I'm wondering what is happening here for these included sessions?
Lot of things to learn/understand.
-
Also noticed the logo is the RDS logo, so pretty sure it is RDS.
-
@scottalanmiller said in hot potato workers:
@dashrender said in hot potato workers:
M365 Business Premium
You already have Premium? Or you are just looking at the upgrade delta?
It's funny, in Central America "premium" is used as a derogatory term. It's funny to hear it in product names.
Yes, we use MS office locally here (don't get me started). The lowest package that includes both MS email and Office is M365 Business Premium for $20/u/m (even cheaper when bought through someone like DCW @Yonah-S )
-
@scottalanmiller said in hot potato workers:
Also noticed the logo is the RDS logo, so pretty sure it is RDS.
Of that I never actually had doubt.
-
@scottalanmiller said in hot potato workers:
@dashrender said in hot potato workers:
M365 Business Premium
You already have Premium? Or you are just looking at the upgrade delta?
It's funny, in Central America "premium" is used as a derogatory term. It's funny to hear it in product names.
Premium is no a derogatory term in my country (Dominican Republic). It classifies as service higher than normal.
-
@dbeato said in hot potato workers:
@scottalanmiller said in hot potato workers:
@dashrender said in hot potato workers:
M365 Business Premium
You already have Premium? Or you are just looking at the upgrade delta?
It's funny, in Central America "premium" is used as a derogatory term. It's funny to hear it in product names.
Premium is no a derogatory term in my country (Dominican Republic). It classifies as service higher than normal.
Here it is used to mean "trashy". More money than taste.
-
@scottalanmiller interesting side note lol.
-
@dashrender said in hot potato workers:
Azure Virtual Desktop
Started using this a few weeks ago as a solution for something and has been excellent. It works well with Intune as well, so no need for an on-prem AD.
-
@obsolesce said in hot potato workers:
@dashrender said in hot potato workers:
Azure Virtual Desktop
Started using this a few weeks ago as a solution for something and has been excellent. It works well with Intune as well, so no need for an on-prem AD.
You lost me on the no need for on-premises AD...
- is it because you can manage it with Intune instead of AD/GPOs?
Do you consider it practically identical to an RDS server? or a VDI solution?
What licensing are you using it with? -
TLDR, but whatever you end up doing, you'll need to make it very easy for the users, otherwise they'll just end up sharing passwords coz that'll be easier and faster.
You somehow need to make the users responsible for their actions, that's the only way you'll get compliance from them.
-
@siringo said in hot potato workers:
TLDR, but whatever you end up doing, you'll need to make it very easy for the users, otherwise they'll just end up sharing passwords coz that'll be easier and faster.
You somehow need to make the users responsible for their actions, that's the only way you'll get compliance from them.
OMG THIS ^.
Yes I definitely realize this. New management definitely seems more on board with trying to right with security, so hopefully it will be easier to hold employees feet to the fire for doing stuff wrong, but you're absolutely right that people will create their own shadow IT whenever possible/when they find it easier than doing what's right.
