hot potato workers
- 
 @jaredbusch said in hot potato workers: @obsolesce said in hot potato workers: @dashrender said in hot potato workers: @jaredbusch said in hot potato workers: @obsolesce said in hot potato workers: TL:DR entire thread, but why not disable fast user switching? That would force the user to have to log out if anything. Completely forgot about that. 
 Can a normal user force log off a logged on user if the screen is locked?nope. You could turn on auditing for logon/logoff events, then run a logoff script when the lock event triggers if that's an issue. Lock is a normal event though when a user walks away and is coming back. Forcing a log off would be a huge productivity sink Not if you look at the case above where I said that Lock is completely unusable because of the shared account. 
- 
 @dashrender said in hot potato workers: @jaredbusch said in hot potato workers: @obsolesce said in hot potato workers: @dashrender said in hot potato workers: @jaredbusch said in hot potato workers: @obsolesce said in hot potato workers: TL:DR entire thread, but why not disable fast user switching? That would force the user to have to log out if anything. Completely forgot about that. 
 Can a normal user force log off a logged on user if the screen is locked?nope. You could turn on auditing for logon/logoff events, then run a logoff script when the lock event triggers if that's an issue. Lock is a normal event though when a user walks away and is coming back. Forcing a log off would be a huge productivity sink Not if you look at the case above where I said that Lock is completely unusable because of the shared account. Yes, but what is the user impact to a log on event multiple times per day? Not saying it is the wrong solution, but this type of issue needs to be resolved around a solution that is the least impactful to user productivity while still meeting the security and technical requirements. 
- 
 @jaredbusch said in hot potato workers: @dashrender said in hot potato workers: @jaredbusch said in hot potato workers: @obsolesce said in hot potato workers: @dashrender said in hot potato workers: @jaredbusch said in hot potato workers: @obsolesce said in hot potato workers: TL:DR entire thread, but why not disable fast user switching? That would force the user to have to log out if anything. Completely forgot about that. 
 Can a normal user force log off a logged on user if the screen is locked?nope. You could turn on auditing for logon/logoff events, then run a logoff script when the lock event triggers if that's an issue. Lock is a normal event though when a user walks away and is coming back. Forcing a log off would be a huge productivity sink Not if you look at the case above where I said that Lock is completely unusable because of the shared account. Yes, but what is the user impact to a log on event multiple times per day? Not saying it is the wrong solution, but this type of issue needs to be resolved around a solution that is the least impactful to user productivity while still meeting the security and technical requirements. Of course it does - which is why I have this topic. I don't believe a shared account is anywhere near optimal. Ultimately I believe I'm going to have to create some scripts that will ensure all the required settings are in place whenever any user logs in. Of course - this will make a first time user (or a user after their profile has been removed) unhappy as they wait for the scripts to run. I already mentioned the things above I need to be there every time anyone logs into these computers... 
 specific printers based on location of front desk
 short cuts to specific websites
 Lastpass installed and enabled in Chrome at least, Edge would be useful
- 
 I know that if users use typical domain logons, I can tweak the computers to not allow multi-user use. i.e. if a second person wants to log in, the first has to log out. So assuming I use a situation where everyone uses their own logons, this tweak would solve my local scanner issue. 
 Of course it will result in plenty of forced shutdowns because users lock the computer instead of logging off.I know I could force reboots over night, and that would do the force logoff for me - 6 of one, half dozen the other for this point. 
- 
 @dashrender said in hot potato workers: I have a front desk area of 10 workstations that I need to allow these 10 workers and about 20 others to randomly log into any of these 10 stations and have full function. Each station has an insurance card scanner - software will only load for one profile at a time. I.e. if person 1 is logged in, then person 2 logs in while suspending (not logging off) person 1, the scanner won't work. The printers are based on front desk location, so it's workstation based, regardless of who logs in. Lastpass needs to be installed into Chrome and ready to go regardless of who logs into the PC. As already mentioned - as backup to sick front desk staff, a group of 20 or so can be assigned to fill in as needed, and they need the ability to do all functions from these computers as well. Because it's a medical shop - my users need the ability to lock their computers when they go to the bathroom - so I'm thinking a shared account likely isn't going to work. Just an idea but why not use scanners that support network scanning and don't need a PC? Having USB scanners is like having USB printers. Not great in a workgroup situation. 
- 
 @pete-s said in hot potato workers: @dashrender said in hot potato workers: I have a front desk area of 10 workstations that I need to allow these 10 workers and about 20 others to randomly log into any of these 10 stations and have full function. Each station has an insurance card scanner - software will only load for one profile at a time. I.e. if person 1 is logged in, then person 2 logs in while suspending (not logging off) person 1, the scanner won't work. The printers are based on front desk location, so it's workstation based, regardless of who logs in. Lastpass needs to be installed into Chrome and ready to go regardless of who logs into the PC. As already mentioned - as backup to sick front desk staff, a group of 20 or so can be assigned to fill in as needed, and they need the ability to do all functions from these computers as well. Because it's a medical shop - my users need the ability to lock their computers when they go to the bathroom - so I'm thinking a shared account likely isn't going to work. Just an idea but why not use scanners that support network scanning and don't need a PC? Having USB scanners is like having USB printers. Not great in a workgroup situation. Our EMR only supports USB based scanning today. We've begged them to enable network based TWAIN - but they currently intentionally disable it. 
- 
 @dashrender said in hot potato workers: @pete-s said in hot potato workers: @dashrender said in hot potato workers: I have a front desk area of 10 workstations that I need to allow these 10 workers and about 20 others to randomly log into any of these 10 stations and have full function. Each station has an insurance card scanner - software will only load for one profile at a time. I.e. if person 1 is logged in, then person 2 logs in while suspending (not logging off) person 1, the scanner won't work. The printers are based on front desk location, so it's workstation based, regardless of who logs in. Lastpass needs to be installed into Chrome and ready to go regardless of who logs into the PC. As already mentioned - as backup to sick front desk staff, a group of 20 or so can be assigned to fill in as needed, and they need the ability to do all functions from these computers as well. Because it's a medical shop - my users need the ability to lock their computers when they go to the bathroom - so I'm thinking a shared account likely isn't going to work. Just an idea but why not use scanners that support network scanning and don't need a PC? Having USB scanners is like having USB printers. Not great in a workgroup situation. Our EMR only supports USB based scanning today. We've begged them to enable network based TWAIN - but they currently intentionally disable it.  
- 
 @travisdh1 said in hot potato workers: @dashrender said in hot potato workers: @pete-s said in hot potato workers: @dashrender said in hot potato workers: I have a front desk area of 10 workstations that I need to allow these 10 workers and about 20 others to randomly log into any of these 10 stations and have full function. Each station has an insurance card scanner - software will only load for one profile at a time. I.e. if person 1 is logged in, then person 2 logs in while suspending (not logging off) person 1, the scanner won't work. The printers are based on front desk location, so it's workstation based, regardless of who logs in. Lastpass needs to be installed into Chrome and ready to go regardless of who logs into the PC. As already mentioned - as backup to sick front desk staff, a group of 20 or so can be assigned to fill in as needed, and they need the ability to do all functions from these computers as well. Because it's a medical shop - my users need the ability to lock their computers when they go to the bathroom - so I'm thinking a shared account likely isn't going to work. Just an idea but why not use scanners that support network scanning and don't need a PC? Having USB scanners is like having USB printers. Not great in a workgroup situation. Our EMR only supports USB based scanning today. We've begged them to enable network based TWAIN - but they currently intentionally disable it.  yep.. we've had two workgroup calls with them.. and about 20 people all begging them to turn it on.. stop manually blocking it! 
- 
 @dashrender said in hot potato workers: Another idea is and RDS setup. 
 My biggest concern about this is the scanner. I have no idea if it will work in a multi-user environment like RDS. In fact I doubt it will since it won't work in a multi-user environment like Windows 10.Have you considered TS Scan by Terminal works? https://www.terminalworks.com/remote-desktop-scanning We use it for RDP scanning from remote USB scanners and it works great. You can test it for a trial period to see if it will handle multiple clients to one remote scanner. I think it will; one at a time. 
- 
 @jasgot said in hot potato workers: @dashrender said in hot potato workers: Another idea is and RDS setup. 
 My biggest concern about this is the scanner. I have no idea if it will work in a multi-user environment like RDS. In fact I doubt it will since it won't work in a multi-user environment like Windows 10.Have you considered TS Scan by Terminal works? https://www.terminalworks.com/remote-desktop-scanning We use it for RDP scanning from remote USB scanners and it works great. You can test it for a trial period to see if it will handle multiple clients to one remote scanner. I think it will; one at a time. We have an insurance card scanner at each desk. I don't see this changing. In fact, if anything - there have been discussions for years about adding a full size page scanner at each station. The biggest hold back on this is space. our primary location's front desk barely has enough room for the keyboard, mouse, phone and a cup of coffee. the insurance card scanner is crowded up under the monitors and pulled out when needed. 
- 
 I keep thinking about this. It's the kind of problem I love to tackle.  If the scanner redirector from terminalworks does indeed allow you to use the scanner with you insurance/single use issue, then mandatory roaming profiles may work well for you. BTW: for some reason, I think the termnalworks software disconnects the link to the scanner if the RDP session goes into a disconnected state. This should work well for insurance/one user issue. 
- 
 @jasgot said in hot potato workers: I keep thinking about this. It's the kind of problem I love to tackle.  If the scanner redirector from terminalworks does indeed allow you to use the scanner with you insurance/single use issue, then mandatory roaming profiles may work well for you. BTW: for some reason, I think the termnalworks software disconnects the link to the scanner if the RDP session goes into a disconnected state. This should work well for insurance/one user issue. Personally - I'm not a fan of the RDS solution - it's so expensive. I'd like a solution at the desktop instead... not sure I'll get one, but it's where I'm currently trying to aim. 
- 
 @dashrender said in hot potato workers: @jasgot said in hot potato workers: I keep thinking about this. It's the kind of problem I love to tackle.  If the scanner redirector from terminalworks does indeed allow you to use the scanner with you insurance/single use issue, then mandatory roaming profiles may work well for you. BTW: for some reason, I think the termnalworks software disconnects the link to the scanner if the RDP session goes into a disconnected state. This should work well for insurance/one user issue. Personally - I'm not a fan of the RDS solution - it's so expensive. I'd like a solution at the desktop instead... not sure I'll get one, but it's where I'm currently trying to aim. Will the scanner work in the following scenario? - User A logs in and scans
- User A locks the screen and goes away
- User B logs in
- User B unplugs the scanner physically and then plugs it in again
- User B starts working and scanning
 Do you think what I'm thinking? 
- 
 Will the scanner work in the following scenario? - User A logs in and scans
- User A locks the screen and goes away
- Computer goes to sleep
- User B wakes it up and logs in
- User B starts working and scanning
 
- 
 Is it possible to run a script with admin rights that terminates the scanner software when a new user logs in? 
- 
 @dashrender said in hot potato workers: We have an insurance card scanner at each desk. I don't see this changing. Not sure how to read this response. 
 TSScan is software not hardware. It will allow a session on an RDP server to see that locally attached twain scanner. But RDP is not an option. (yet!) 
- 
 Having spoken to @Dashrender just yesterday about the environmental differences between his org and mine - it's amazing. We use the same EMR, just accessed differently. very very differently. So we have the same issues, do a differing level, application wise,.. network/computer wise - we are 10x more involved. (would you agree @Dashrender ) His org goes direct, whereas we use RDS. And there are a number of other differences. We use the AmbirScan card scanners and TS Scan on the desktop to the RDS session. We also have nearly fifty printers and and Zebra printers. Our RDS Pool is suspended over night for cost. Everything is across a VPN... 
- 
 @jasgot said in hot potato workers: But RDP is not an option. (yet!)  in hisenvironment - I don't think RDS would ever be an option. The infrastructure changes needed are quite involved.
- 
 @pete-s said in hot potato workers: @dashrender said in hot potato workers: @jasgot said in hot potato workers: I keep thinking about this. It's the kind of problem I love to tackle.  If the scanner redirector from terminalworks does indeed allow you to use the scanner with you insurance/single use issue, then mandatory roaming profiles may work well for you. BTW: for some reason, I think the termnalworks software disconnects the link to the scanner if the RDP session goes into a disconnected state. This should work well for insurance/one user issue. Personally - I'm not a fan of the RDS solution - it's so expensive. I'd like a solution at the desktop instead... not sure I'll get one, but it's where I'm currently trying to aim. Will the scanner work in the following scenario? - User A logs in and scans
- User A locks the screen and goes away
- User B logs in
- User B unplugs the scanner physically and then plugs it in again
- User B starts working and scanning
 Do you think what I'm thinking? Not likely - because the software is still actively running under user A 
- 
 @pete-s said in hot potato workers: Is it possible to run a script with admin rights that terminates the scanner software when a new user logs in? Now there's an idea... So - 
 User A logs in - locks
 user B logs in - script kills software, software auto relaunches - user b locks.The question is - when user A logs in again - is that seen as a new user logging in? or just a resume of previous session? If the script can be made to run every time, this would be a possible solution to that specific issue. 



