Remote Users - What can yours do?
#1
Scooby Regular
Thread Starter
Join Date: Oct 2001
Location: Lovely Lancing in West Sussex
Posts: 3,449
Likes: 0
Received 0 Likes
on
0 Posts
Remote Users - What can yours do?
Now we have locked down all our desktops and have a bit of spare time we are looking at locking down our remote laptop users.
The question is, what can yours do? They all connect over VPN through our RSA/ACE server and then onto the Lan.
From here I see the following as essential:
No Proxy settings unless connecting to network over the VPN (when they use their own internet, they should not access the Proxy Server)
Able to add and remove printers (in case of printer failures, if at a client site etc.)
Able to add and remove devices (USB keys etc.)
Access Shared volume on our File Servers
Remote Support - via Dameware or RDP
Can't think of anything else at the moment
Cheers
Darren
The question is, what can yours do? They all connect over VPN through our RSA/ACE server and then onto the Lan.
From here I see the following as essential:
No Proxy settings unless connecting to network over the VPN (when they use their own internet, they should not access the Proxy Server)
Able to add and remove printers (in case of printer failures, if at a client site etc.)
Able to add and remove devices (USB keys etc.)
Access Shared volume on our File Servers
Remote Support - via Dameware or RDP
Can't think of anything else at the moment
Cheers
Darren
#3
Scooby Regular
Join Date: Nov 2001
Location: Leeds - It was 562.4bhp@28psi on Optimax, How much closer to 600 with race fuel and a bigger turbo?
Posts: 15,239
Likes: 0
Received 1 Like
on
1 Post
We dont let them do anything more than their desktop.. less infact..
What kind of users are they?
we are now provide remote access via Citrix Secure Gateway but you could use csg.
All users shouldnt be adding their own printers!
100% restrict them and open what is required only.
David
What kind of users are they?
we are now provide remote access via Citrix Secure Gateway but you could use csg.
All users shouldnt be adding their own printers!
100% restrict them and open what is required only.
David
#5
Scooby Regular
Thread Starter
Join Date: Oct 2001
Location: Lovely Lancing in West Sussex
Posts: 3,449
Likes: 0
Received 0 Likes
on
0 Posts
David,
We have a few travelling sales reps who we see about once maybe twice a year so we usually have to get things right first time as we know its at least 6 months before we see them again. and about 30 laptops users who very occasionaly work form home.
Currently our users (this currently includes all laptop users, excpet the travelling rep) can't even fart without us knowing about it.
However our sales reps have to sometimes add a printer to their laptop, if for example their printer fails and we ship them a new one. We don't want to give them administrator access so we will probally grant Printer Adminstrators (to also manager print jobs)
Darren
We have a few travelling sales reps who we see about once maybe twice a year so we usually have to get things right first time as we know its at least 6 months before we see them again. and about 30 laptops users who very occasionaly work form home.
Currently our users (this currently includes all laptop users, excpet the travelling rep) can't even fart without us knowing about it.
However our sales reps have to sometimes add a printer to their laptop, if for example their printer fails and we ship them a new one. We don't want to give them administrator access so we will probally grant Printer Adminstrators (to also manager print jobs)
Darren
#6
i just had all hell break loose when i blocked msn messenger and hotmail access, for work-shy hotel staff.
they pi55 me off and have had certain privileges for 12 months, not anymore.
lock every **** down with 6" nails mate, or they will extract the urine repeatedly!!!
oh, and its quite good fun too. LOL
BOFH
BB
they pi55 me off and have had certain privileges for 12 months, not anymore.
lock every **** down with 6" nails mate, or they will extract the urine repeatedly!!!
oh, and its quite good fun too. LOL
BOFH
BB
#7
Scooby Regular
Thread Starter
Join Date: Oct 2001
Location: Lovely Lancing in West Sussex
Posts: 3,449
Likes: 0
Received 0 Likes
on
0 Posts
We went through that same process a while ago, no personal webmail, no intresting sites
No Messenger, no Pop3 access, just HTTP and even that is logged
Darren
No Messenger, no Pop3 access, just HTTP and even that is logged
Darren
Trending Topics
#9
We've just implemented a major lockdown policy when moving to XP. With NT it was more like everythign is open and we lock down as necessary, now it's the opposite
You say you've locked down your desktops, why can't you apply the same policies to the laptops? Ok you're always going ot have extra stuff on laptops and are going to have to change a few things, but surely if you already have a satisfactory policy on desktops what's changed?
Users cannot execute anything we don't want them to, I couldn't possibly go into everything here as there are masses of policies controlling it all.
If there's anything specific you want to know about pm me.
You say you've locked down your desktops, why can't you apply the same policies to the laptops? Ok you're always going ot have extra stuff on laptops and are going to have to change a few things, but surely if you already have a satisfactory policy on desktops what's changed?
Users cannot execute anything we don't want them to, I couldn't possibly go into everything here as there are masses of policies controlling it all.
If there's anything specific you want to know about pm me.
#10
Scooby Regular
Join Date: Sep 1999
Location: Bedfordshire
Posts: 4,037
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by thundertiger
i just had all hell break loose when i blocked msn messenger and hotmail access, for work-shy hotel staff.
they pi55 me off and have had certain privileges for 12 months, not anymore.
lock every **** down with 6" nails mate, or they will extract the urine repeatedly!!!
oh, and its quite good fun too. LOL
BOFH
BB
they pi55 me off and have had certain privileges for 12 months, not anymore.
lock every **** down with 6" nails mate, or they will extract the urine repeatedly!!!
oh, and its quite good fun too. LOL
BOFH
BB
Good on ya!
Gary
#12
Originally Posted by boxst
Hello
Just as a matter of interest, what is stopping a user installing their own version of XP, they will still have VPN access to corporate?
Steve
Just as a matter of interest, what is stopping a user installing their own version of XP, they will still have VPN access to corporate?
Steve
If they can't access the bios to boot form cd/another device they can't boot into setup.
Plus I very much doubt that the only access these machines have is through VPN, they should be in a domain if the IT setup is any good, which they will not be able to join as they won't know the account details to join it.
Plus if they did try it would totally go against the companies computer user guidelines and you'd get a serious telling off, maybe sacked.
Also what management systems are implace for your machines (desktops and lapdogs), SMS?
If the original poster wants to pm me with specific details I'm sure I could help
Last edited by R1916v; 05 September 2005 at 02:32 PM.
#13
Scooby Regular
Join Date: Nov 2001
Location: Leeds - It was 562.4bhp@28psi on Optimax, How much closer to 600 with race fuel and a bigger turbo?
Posts: 15,239
Likes: 0
Received 1 Like
on
1 Post
Hello
Just as a matter of interest, what is stopping a user installing their own version of XP, they will still have VPN access to corporate?
Steve
Just as a matter of interest, what is stopping a user installing their own version of XP, they will still have VPN access to corporate?
Steve
If a user at our place reinstalled XP, they would be contravining (sp) the computer usage policy by bringing software into work for one. We (IT) would push for instant dismissal - it would be fookin obvious if they did it too.
As for installing printers, if they can establish a VPN connection, can you just not support them over the VPN connection as if they were a 'office' based user??
With them being remote / laptop users I would tie them down even more...
Ill take a screen shot of our corporate desktop if you like
David
#14
Originally Posted by David_Wallis
R1916v, unfortunatley most people dont change the default domain policy to stop each user adding their quota of members to the domain
Our desktops aren't locked down as much as some places, but it can still be pretty restrictive.
Diff GPOs apply to laptop users that enable extra restrictions/features like offline files.
#15
Scooby Regular
Thread Starter
Join Date: Oct 2001
Location: Lovely Lancing in West Sussex
Posts: 3,449
Likes: 0
Received 0 Likes
on
0 Posts
David,
A copy would be wicked if its possible. Are you using the Group Policy admin tool, if so you should be able to export as an HTML file.
Darren
A copy would be wicked if its possible. Are you using the Group Policy admin tool, if so you should be able to export as an HTML file.
Darren
Thread
Thread Starter
Forum
Replies
Last Post
shorty87
Full Cars Breaking For Spares
19
22 December 2015 11:59 AM
Pro-Line Motorsport
Car Parts For Sale
2
29 September 2015 07:36 PM
shorty87
Wheels And Tyres For Sale
0
29 September 2015 02:18 PM