ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Best way to maintain some remote control but not absolute?

    Scheduled Pinned Locked Moved IT Discussion
    101 Posts 8 Posters 14.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @guyinpv
      last edited by

      @guyinpv said in Best way to maintain some remote control but not absolute?:

      How else do you audit the access? You need a CAL regardless as you are a user.

      Win Essentials here.

      CALs are requried the same regardless. In any case, you are consuming one of their "seats", might as well take advantage of the auditing that it brings.

      1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @guyinpv
        last edited by

        @guyinpv said in Best way to maintain some remote control but not absolute?:

        The liability is if his business ever suffers a data loss or data theft or even remote hacks, that nobody can point a finger at me thinking it must have come through my access. If that is just tin foil thinking, then ya, I'd much rather have full access any time, as needed.

        Bottom line is people will lie and blame you anyway. Might as well at least be useful and have auditing. Otherwise, how do you even prove that you didn't have access? They'll just say that you did.

        guyinpvG 1 Reply Last reply Reply Quote 1
        • guyinpvG
          guyinpv @scottalanmiller
          last edited by

          @scottalanmiller said in Best way to maintain some remote control but not absolute?:

          @guyinpv said in Best way to maintain some remote control but not absolute?:

          The liability is if his business ever suffers a data loss or data theft or even remote hacks, that nobody can point a finger at me thinking it must have come through my access. If that is just tin foil thinking, then ya, I'd much rather have full access any time, as needed.

          Bottom line is people will lie and blame you anyway. Might as well at least be useful and have auditing. Otherwise, how do you even prove that you didn't have access? They'll just say that you did.

          This is true. The person in question is a good dude, I'm just being overly paranoid probably.

          I am also a sucker for tools. I like to play with new things, especially if they are free!

          Speaking of that, what's the best free option for Win Essentials anyway?

          1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender
            last edited by

            I get the feeling that we might not be on the same page.

            When you use TeamViewer or ScreenConnect, etc, to take over the owners computer, you could use that computer to access the iDRAC or any other IP services on their LAN.
            You wouldn't need to worry about changing any routes or IPs, etc. The same would mostly be said if you use something like a jumpbox. This server, normally based on a free linux server, is published through the firewall onto the internet where you can access it remotely. You connect to the jump server, then use tools like RDP from linux to connect to your Windows server, or a web browser to access iDRAC, etc.

            guyinpvG 1 Reply Last reply Reply Quote 0
            • guyinpvG
              guyinpv @Dashrender
              last edited by

              @Dashrender said in Best way to maintain some remote control but not absolute?:

              I get the feeling that we might not be on the same page.

              When you use TeamViewer or ScreenConnect, etc, to take over the owners computer, you could use that computer to access the iDRAC or any other IP services on their LAN.
              You wouldn't need to worry about changing any routes or IPs, etc. The same would mostly be said if you use something like a jumpbox. This server, normally based on a free linux server, is published through the firewall onto the internet where you can access it remotely. You connect to the jump server, then use tools like RDP from linux to connect to your Windows server, or a web browser to access iDRAC, etc.

              Ya that makes sense, but same rules apply. I don't necessarily want hands-off remote control of his workstation either.
              I was thinking more along the lines of a remote tool directly to Win Server on the VM. Or connect to XS and use a console view or something for VM(s).

              At another location I have a server with XS and I have XO running on a VM. I've just found using XC to be nicer than XO.

              I guess if I had my way, I would want this:

              1. I open my super secret client control panel.
              2. Find client and auth into that individually.
              3. Inside client control, find server or device I can remotely control and monitor.
              4. Select to remote control it or change something. Go to work.

              Like a master control panel of all clients, and all system under those clients which I can control or monitor.
              My master control panel would, of course, notify me of danger on monitored devices.

              I suppose MSPs have cool things like that.

              StrongBadS 1 Reply Last reply Reply Quote 0
              • stacksofplatesS
                stacksofplates @Dashrender
                last edited by

                @Dashrender said in Best way to maintain some remote control but not absolute?:

                @scottalanmiller said in Best way to maintain some remote control but not absolute?:

                @guyinpv said in Best way to maintain some remote control but not absolute?:

                @scottalanmiller said in Best way to maintain some remote control but not absolute?:

                What about Google Chrome Remoting?

                The tool doesn't matter. It depends on the issue. What if it's the case that the VM is down but Xen is accessible? I could fix it that way if I had access to Xen.

                To get to that level, we use a Jump server.

                I don't understand how you get web gui access with a Jump server.

                SSH Tunnel

                1 Reply Last reply Reply Quote 0
                • IRJI
                  IRJ
                  last edited by

                  This is the most long and drawn out thread for something simple:

                  1. I feel like you are doing this for free or really cheap. If that is the case...walk away immediately. You sound like a young, excitable guy. I was there once, but after you get used a few times. You won't be so willing to help for nothing or very little.
                  2. Pick a remote control tool. I've used Deskroll in the past and it is really nice because the user can launch a one time .exe file and has the option to install the client at the end so you always have access. If they prefer not to, then that's ok too. You can just send them the .exe everytime you need access.
                  3. I think you don't need idrac access. I think you are being way too paranoid. You are talking about a business with 6 computers. If they are paying you by the incident then make them sweat a little. Otherwise they see you fix the problem in 10 or 15 minutes and they don't appreciate your work. You can always remote in and gain SSH access if you need to do so. If everything is too easy and streamline they will never realize your value. Many small businesses think IT is a waste of money anyway.
                  JaredBuschJ guyinpvG 2 Replies Last reply Reply Quote 5
                  • JaredBuschJ
                    JaredBusch @IRJ
                    last edited by

                    @IRJ said in Best way to maintain some remote control but not absolute?:

                    This is the most long and drawn out thread for something simple:

                    1. I feel like you are doing this for free or really cheap. If that is the case...walk away immediately. You sound like a young, excitable guy. I was there once, but after you get used a few times. You won't be so willing to help for nothing or very little.
                    2. Pick a remote control tool. I've used Deskroll in the past and it is really nice because the user can launch a one time .exe file and has the option to install the client at the end so you always have access. If they prefer not to, then that's ok too. You can just send them the .exe everytime you need access.
                    3. I think you don't need idrac access. I think you are being way too paranoid. You are talking about a business with 6 computers. If they are paying you by the incident then make them sweat a little. Otherwise they see you fix the problem in 10 or 15 minutes and they don't appreciate your work. You can always remote in and gain SSH access if you need to do so. If everything is too easy and streamline they will never realize your value. Many small businesses think IT is a waste of money anyway.

                    Everything here.

                    1 Reply Last reply Reply Quote 1
                    • StrongBadS
                      StrongBad @guyinpv
                      last edited by

                      @guyinpv said in Best way to maintain some remote control but not absolute?:

                      I suppose MSPs have cool things like that.

                      This is often in your RMM suite.

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller
                        last edited by

                        Getting remote access is always a weird subject. Are you their support or not? If so, you need access, always. If not, their support needs the skills to get you access when it is needed. You need to really determine the goal.

                        guyinpvG 1 Reply Last reply Reply Quote 0
                        • guyinpvG
                          guyinpv @IRJ
                          last edited by

                          @IRJ said in Best way to maintain some remote control but not absolute?:

                          This is the most long and drawn out thread for something simple:

                          1. I feel like you are doing this for free or really cheap. If that is the case...walk away immediately. You sound like a young, excitable guy. I was there once, but after you get used a few times. You won't be so willing to help for nothing or very little.
                          2. Pick a remote control tool. I've used Deskroll in the past and it is really nice because the user can launch a one time .exe file and has the option to install the client at the end so you always have access. If they prefer not to, then that's ok too. You can just send them the .exe everytime you need access.
                          3. I think you don't need idrac access. I think you are being way too paranoid. You are talking about a business with 6 computers. If they are paying you by the incident then make them sweat a little. Otherwise they see you fix the problem in 10 or 15 minutes and they don't appreciate your work. You can always remote in and gain SSH access if you need to do so. If everything is too easy and streamline they will never realize your value. Many small businesses think IT is a waste of money anyway.

                          I appreciate the sentiments, but nothing is ever that easy. For every situation, 52 techs will give 52 different options which are their favorite. Deskroll has not been mentioned once before, I've never even heard of it!

                          iDRAC is probably overkill. Just figure if it's there, might as well enable it and leave the option open eh? I can ignore it for now. I only worked on their previous server twice in a year, so these things are pretty stable anyway.

                          I'm not doing the job for free or anything, but I try to avoid telling them that along with their upgraded server that will do the exact same thing as the old one, they now have to make monthly payments to some service they never needed before. Or on the flip side, I don't want to personally make payments for a new tool I may use for them once a year.

                          You are right about this being drawn out. It's just a conversation, talking about tools and techniques. I never needed to start this thread at all. I could have just stuck TeamViewer on there and called it good. But it never hurts to ask questions and see what's new, what people are using, what tools I haven't heard of, and how other people do the same things.

                          scottalanmillerS 4 Replies Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @guyinpv
                            last edited by

                            @guyinpv said in Best way to maintain some remote control but not absolute?:

                            I appreciate the sentiments, but nothing is ever that easy. For every situation, 52 techs will give 52 different options which are their favorite. Deskroll has not been mentioned once before, I've never even heard of it!

                            That's not confusing the answer is simple. 51 are wrong and I'm right. Where have you been?

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @guyinpv
                              last edited by

                              @guyinpv said in Best way to maintain some remote control but not absolute?:

                              iDRAC is probably overkill. Just figure if it's there, might as well enable it and leave the option open eh? I can ignore it for now. I only worked on their previous server twice in a year, so these things are pretty stable anyway.

                              IF there, yes. If it is already there, we would assume that after paying that much for it that they would have enabled it, too. But you never know.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @guyinpv
                                last edited by

                                @guyinpv said in Best way to maintain some remote control but not absolute?:

                                You are right about this being drawn out. It's just a conversation, talking about tools and techniques. I never needed to start this thread at all. I could have just stuck TeamViewer on there and called it good. But it never hurts to ask questions and see what's new, what people are using, what tools I haven't heard of, and how other people do the same things.

                                We found ScreenConnect to be more cost effective than TV. We like SC a lot.

                                1 Reply Last reply Reply Quote 0
                                • guyinpvG
                                  guyinpv @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Best way to maintain some remote control but not absolute?:

                                  Getting remote access is always a weird subject. Are you their support or not? If so, you need access, always. If not, their support needs the skills to get you access when it is needed. You need to really determine the goal.

                                  Yes I am their support as far as break/fix and upgrades. The only other support is their copier guy, and their medical software support people.

                                  My issue is that, while I typically do all their support, I don't have any kind of retainer fee or contract or policies regarding maintaining any kind of remote control.

                                  Is it typical to create a contract for this for liability reasons? Or just a handshake on "hey I can get in the server whenever I want, cool with you?"

                                  If there is a contract for this, I'd like to see a sample or what that might look like. And for that reason, why not give myself access to every workstation in there while I'm at it?

                                  scottalanmillerS 3 Replies Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @guyinpv
                                    last edited by

                                    @guyinpv said in Best way to maintain some remote control but not absolute?:

                                    I'm not doing the job for free or anything, but I try to avoid telling them that along with their upgraded server that will do the exact same thing as the old one, they now have to make monthly payments to some service they never needed before. Or on the flip side, I don't want to personally make payments for a new tool I may use for them once a year.

                                    One of the things that we struggle with (we being NTG) is balancing between "this is what the customer does" and "this is what we do."

                                    We use and provide ScreenConnect. But lots of customers have their own policies, products, etc. We have an RMM tool, but not many customers on it. We have jump servers, but only with certain customers. It's complicated.

                                    I think one thing you have to decide is... are you an MSP (you determine the tools) or are you an ITSP/Consultant (they determine the tools much of the time?)

                                    1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @guyinpv
                                      last edited by

                                      @guyinpv said in Best way to maintain some remote control but not absolute?:

                                      My issue is that, while I typically do all their support, I don't have any kind of retainer fee or contract or policies regarding maintaining any kind of remote control.

                                      That would actually be weird. People rarely pay a retainer for on call support. Nothing wrong with a retainer, their are great, it's just not common. These aren't factors that people normally consider. If they want you to be their "on call", they need to provide (or allow) access. Plain and simple. I don't see how the rest come into play.

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @guyinpv
                                        last edited by

                                        @guyinpv said in Best way to maintain some remote control but not absolute?:

                                        Is it typical to create a contract for this for liability reasons? Or just a handshake on "hey I can get in the server whenever I want, cool with you?"

                                        Those aren't the flipsides. No, it's not common to have a contract for liability because the liability is if you decide to do something illegal... in which case the contract is void anyway. And it's not common that you can get on anytime that you want. What is common, more or less, is to have tools in place that you are allowed to use when needed to support them. You still need permission to get on, but permission, not physical allowance.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @guyinpv
                                          last edited by

                                          @guyinpv said in Best way to maintain some remote control but not absolute?:

                                          If there is a contract for this, I'd like to see a sample or what that might look like. And for that reason, why not give myself access to every workstation in there while I'm at it?

                                          That's the normal way to work. You have to trust your system admin, you have to, it's the law of security. Microsoft said so. Basically if you are their IT, they have to trust you. If you are not that guy, then someone else is (the owner, maybe.) Nothing wrong with that, but if IT fails, it's his responsibility. You have to decide who is the IT guy, on call or otherwise, and trust them.

                                          Ultimately, someone is the system admin here. If they want that to be you, you need access to work. If it isn't, you can wait for the person that is to come up with how they want you to get access while you sit around on the clock.

                                          1 Reply Last reply Reply Quote 1
                                          • DashrenderD
                                            Dashrender
                                            last edited by

                                            I'm definitely not an MSP. I have two clients that I support outside my normal day job. One of them is in the same building as my day job, so they don't bother with remote tools, but if the need arose, they would definitely do it.

                                            The second client, I had them purchase the remote tool (they have ScreenConnect) I have my own account in their SC system and have anytime access. But like Scott said, no retainer - they call, I remote in, otherwise I don't touch it.

                                            I probably do about 1 hour of work for them on average (though we just blitzed that this year with a global rollout of Windows 10 - 15 computers) and they've had some staff adds, so there's been some workstation setup work.
                                            But last year was probably around 15 hours of work the whole year. Was it worth the cost of SC, yep, otherwise I would have charged them at least twice that in drive time.

                                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 2 / 6
                                            • First post
                                              Last post