hot potato workers
-
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@dashrender said in hot potato workers:
This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.
But it won't be logged in to the right user.
Browser sessions won't be the right user.
Just an all around bad idea.
LP will be set to log out upon the browser closing -
There's only so much I can do for the users - They have to log out of Outlook, they have to log out of athena - they need to close the browser or log out of LP... so that's really not a big concern in my mind.
IF - IF they can log out those things.. this is not an issue. tons of places use shared computers with the full expectation that once you are done YOU will log out when finished to prevent the next person getting access to your crap.
Force Edge to always use porn mode. That should help.
that helps as long as the browser is closed when the user is finished -
Fixes the issues you raised, which are also user management issues.
So simply make the policy close the fucking browser.
-
@dashrender said in hot potato workers:
I have a front desk area of 10 workstations that I need to allow these 10 workers and about 20 others to randomly log into any of these 10 stations and have full function.
Each station has an insurance card scanner - software will only load for one profile at a time. I.e. if person 1 is logged in, then person 2 logs in while suspending (not logging off) person 1, the scanner won't work.
The printers are based on front desk location, so it's workstation based, regardless of who logs in.
Lastpass needs to be installed into Chrome and ready to go regardless of who logs into the PC.
As already mentioned - as backup to sick front desk staff, a group of 20 or so can be assigned to fill in as needed, and they need the ability to do all functions from these computers as well.
Because it's a medical shop - my users need the ability to lock their computers when they go to the bathroom - so I'm thinking a shared account likely isn't going to work.
TL:DR entire thread, but why not disable fast user switching? That would force the user to have to log out if anything.
-
@obsolesce said in hot potato workers:
TL:DR entire thread, but why not disable fast user switching? That would force the user to have to log out if anything.
Completely forgot about that.
Can a normal user force log off a logged on user if the screen is locked? -
@jaredbusch said in hot potato workers:
@obsolesce said in hot potato workers:
TL:DR entire thread, but why not disable fast user switching? That would force the user to have to log out if anything.
Completely forgot about that.
Can a normal user force log off a logged on user if the screen is locked?nope.
-
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@obsolesce said in hot potato workers:
TL:DR entire thread, but why not disable fast user switching? That would force the user to have to log out if anything.
Completely forgot about that.
Can a normal user force log off a logged on user if the screen is locked?nope.
You could turn on auditing for logon/logoff events, then run a logoff script when the lock event triggers if that's an issue.
-
@obsolesce said in hot potato workers:
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@obsolesce said in hot potato workers:
TL:DR entire thread, but why not disable fast user switching? That would force the user to have to log out if anything.
Completely forgot about that.
Can a normal user force log off a logged on user if the screen is locked?nope.
You could turn on auditing for logon/logoff events, then run a logoff script when the lock event triggers if that's an issue.
Lock is a normal event though when a user walks away and is coming back. Forcing a log off would be a huge productivity sink
-
@obsolesce said in hot potato workers:
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@obsolesce said in hot potato workers:
TL:DR entire thread, but why not disable fast user switching? That would force the user to have to log out if anything.
Completely forgot about that.
Can a normal user force log off a logged on user if the screen is locked?nope.
You could turn on auditing for logon/logoff events, then run a logoff script when the lock event triggers if that's an issue.
Oh man - now that's an interesting idea...
-
@jaredbusch said in hot potato workers:
@obsolesce said in hot potato workers:
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@obsolesce said in hot potato workers:
TL:DR entire thread, but why not disable fast user switching? That would force the user to have to log out if anything.
Completely forgot about that.
Can a normal user force log off a logged on user if the screen is locked?nope.
You could turn on auditing for logon/logoff events, then run a logoff script when the lock event triggers if that's an issue.
Lock is a normal event though when a user walks away and is coming back. Forcing a log off would be a huge productivity sink
Not if you look at the case above where I said that Lock is completely unusable because of the shared account.
-
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@obsolesce said in hot potato workers:
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@obsolesce said in hot potato workers:
TL:DR entire thread, but why not disable fast user switching? That would force the user to have to log out if anything.
Completely forgot about that.
Can a normal user force log off a logged on user if the screen is locked?nope.
You could turn on auditing for logon/logoff events, then run a logoff script when the lock event triggers if that's an issue.
Lock is a normal event though when a user walks away and is coming back. Forcing a log off would be a huge productivity sink
Not if you look at the case above where I said that Lock is completely unusable because of the shared account.
Yes, but what is the user impact to a log on event multiple times per day?
Not saying it is the wrong solution, but this type of issue needs to be resolved around a solution that is the least impactful to user productivity while still meeting the security and technical requirements.
-
@jaredbusch said in hot potato workers:
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@obsolesce said in hot potato workers:
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@obsolesce said in hot potato workers:
TL:DR entire thread, but why not disable fast user switching? That would force the user to have to log out if anything.
Completely forgot about that.
Can a normal user force log off a logged on user if the screen is locked?nope.
You could turn on auditing for logon/logoff events, then run a logoff script when the lock event triggers if that's an issue.
Lock is a normal event though when a user walks away and is coming back. Forcing a log off would be a huge productivity sink
Not if you look at the case above where I said that Lock is completely unusable because of the shared account.
Yes, but what is the user impact to a log on event multiple times per day?
Not saying it is the wrong solution, but this type of issue needs to be resolved around a solution that is the least impactful to user productivity while still meeting the security and technical requirements.
Of course it does - which is why I have this topic.
I don't believe a shared account is anywhere near optimal.
Ultimately I believe I'm going to have to create some scripts that will ensure all the required settings are in place whenever any user logs in. Of course - this will make a first time user (or a user after their profile has been removed) unhappy as they wait for the scripts to run.
I already mentioned the things above I need to be there every time anyone logs into these computers...
specific printers based on location of front desk
short cuts to specific websites
Lastpass installed and enabled in Chrome at least, Edge would be useful -
I know that if users use typical domain logons, I can tweak the computers to not allow multi-user use. i.e. if a second person wants to log in, the first has to log out. So assuming I use a situation where everyone uses their own logons, this tweak would solve my local scanner issue.
Of course it will result in plenty of forced shutdowns because users lock the computer instead of logging off.I know I could force reboots over night, and that would do the force logoff for me - 6 of one, half dozen the other for this point.
-
@dashrender said in hot potato workers:
I have a front desk area of 10 workstations that I need to allow these 10 workers and about 20 others to randomly log into any of these 10 stations and have full function.
Each station has an insurance card scanner - software will only load for one profile at a time. I.e. if person 1 is logged in, then person 2 logs in while suspending (not logging off) person 1, the scanner won't work.
The printers are based on front desk location, so it's workstation based, regardless of who logs in.
Lastpass needs to be installed into Chrome and ready to go regardless of who logs into the PC.
As already mentioned - as backup to sick front desk staff, a group of 20 or so can be assigned to fill in as needed, and they need the ability to do all functions from these computers as well.
Because it's a medical shop - my users need the ability to lock their computers when they go to the bathroom - so I'm thinking a shared account likely isn't going to work.
Just an idea but why not use scanners that support network scanning and don't need a PC?
Having USB scanners is like having USB printers. Not great in a workgroup situation.
-
@pete-s said in hot potato workers:
@dashrender said in hot potato workers:
I have a front desk area of 10 workstations that I need to allow these 10 workers and about 20 others to randomly log into any of these 10 stations and have full function.
Each station has an insurance card scanner - software will only load for one profile at a time. I.e. if person 1 is logged in, then person 2 logs in while suspending (not logging off) person 1, the scanner won't work.
The printers are based on front desk location, so it's workstation based, regardless of who logs in.
Lastpass needs to be installed into Chrome and ready to go regardless of who logs into the PC.
As already mentioned - as backup to sick front desk staff, a group of 20 or so can be assigned to fill in as needed, and they need the ability to do all functions from these computers as well.
Because it's a medical shop - my users need the ability to lock their computers when they go to the bathroom - so I'm thinking a shared account likely isn't going to work.
Just an idea but why not use scanners that support network scanning and don't need a PC?
Having USB scanners is like having USB printers. Not great in a workgroup situation.
Our EMR only supports USB based scanning today. We've begged them to enable network based TWAIN - but they currently intentionally disable it.
-
@dashrender said in hot potato workers:
@pete-s said in hot potato workers:
@dashrender said in hot potato workers:
I have a front desk area of 10 workstations that I need to allow these 10 workers and about 20 others to randomly log into any of these 10 stations and have full function.
Each station has an insurance card scanner - software will only load for one profile at a time. I.e. if person 1 is logged in, then person 2 logs in while suspending (not logging off) person 1, the scanner won't work.
The printers are based on front desk location, so it's workstation based, regardless of who logs in.
Lastpass needs to be installed into Chrome and ready to go regardless of who logs into the PC.
As already mentioned - as backup to sick front desk staff, a group of 20 or so can be assigned to fill in as needed, and they need the ability to do all functions from these computers as well.
Because it's a medical shop - my users need the ability to lock their computers when they go to the bathroom - so I'm thinking a shared account likely isn't going to work.
Just an idea but why not use scanners that support network scanning and don't need a PC?
Having USB scanners is like having USB printers. Not great in a workgroup situation.
Our EMR only supports USB based scanning today. We've begged them to enable network based TWAIN - but they currently intentionally disable it.
-
@travisdh1 said in hot potato workers:
@dashrender said in hot potato workers:
@pete-s said in hot potato workers:
@dashrender said in hot potato workers:
I have a front desk area of 10 workstations that I need to allow these 10 workers and about 20 others to randomly log into any of these 10 stations and have full function.
Each station has an insurance card scanner - software will only load for one profile at a time. I.e. if person 1 is logged in, then person 2 logs in while suspending (not logging off) person 1, the scanner won't work.
The printers are based on front desk location, so it's workstation based, regardless of who logs in.
Lastpass needs to be installed into Chrome and ready to go regardless of who logs into the PC.
As already mentioned - as backup to sick front desk staff, a group of 20 or so can be assigned to fill in as needed, and they need the ability to do all functions from these computers as well.
Because it's a medical shop - my users need the ability to lock their computers when they go to the bathroom - so I'm thinking a shared account likely isn't going to work.
Just an idea but why not use scanners that support network scanning and don't need a PC?
Having USB scanners is like having USB printers. Not great in a workgroup situation.
Our EMR only supports USB based scanning today. We've begged them to enable network based TWAIN - but they currently intentionally disable it.
yep.. we've had two workgroup calls with them.. and about 20 people all begging them to turn it on.. stop manually blocking it!
-
@dashrender said in hot potato workers:
Another idea is and RDS setup.
My biggest concern about this is the scanner. I have no idea if it will work in a multi-user environment like RDS. In fact I doubt it will since it won't work in a multi-user environment like Windows 10.Have you considered TS Scan by Terminal works? https://www.terminalworks.com/remote-desktop-scanning
We use it for RDP scanning from remote USB scanners and it works great. You can test it for a trial period to see if it will handle multiple clients to one remote scanner. I think it will; one at a time.
-
@jasgot said in hot potato workers:
@dashrender said in hot potato workers:
Another idea is and RDS setup.
My biggest concern about this is the scanner. I have no idea if it will work in a multi-user environment like RDS. In fact I doubt it will since it won't work in a multi-user environment like Windows 10.Have you considered TS Scan by Terminal works? https://www.terminalworks.com/remote-desktop-scanning
We use it for RDP scanning from remote USB scanners and it works great. You can test it for a trial period to see if it will handle multiple clients to one remote scanner. I think it will; one at a time.
We have an insurance card scanner at each desk. I don't see this changing.
In fact, if anything - there have been discussions for years about adding a full size page scanner at each station. The biggest hold back on this is space. our primary location's front desk barely has enough room for the keyboard, mouse, phone and a cup of coffee. the insurance card scanner is crowded up under the monitors and pulled out when needed.
-
I keep thinking about this. It's the kind of problem I love to tackle.
If the scanner redirector from terminalworks does indeed allow you to use the scanner with you insurance/single use issue, then mandatory roaming profiles may work well for you.
BTW: for some reason, I think the termnalworks software disconnects the link to the scanner if the RDP session goes into a disconnected state. This should work well for insurance/one user issue.
-
@jasgot said in hot potato workers:
I keep thinking about this. It's the kind of problem I love to tackle.
If the scanner redirector from terminalworks does indeed allow you to use the scanner with you insurance/single use issue, then mandatory roaming profiles may work well for you.
BTW: for some reason, I think the termnalworks software disconnects the link to the scanner if the RDP session goes into a disconnected state. This should work well for insurance/one user issue.
Personally - I'm not a fan of the RDS solution - it's so expensive.
I'd like a solution at the desktop instead... not sure I'll get one, but it's where I'm currently trying to aim.
-
@dashrender said in hot potato workers:
@jasgot said in hot potato workers:
I keep thinking about this. It's the kind of problem I love to tackle.
If the scanner redirector from terminalworks does indeed allow you to use the scanner with you insurance/single use issue, then mandatory roaming profiles may work well for you.
BTW: for some reason, I think the termnalworks software disconnects the link to the scanner if the RDP session goes into a disconnected state. This should work well for insurance/one user issue.
Personally - I'm not a fan of the RDS solution - it's so expensive.
I'd like a solution at the desktop instead... not sure I'll get one, but it's where I'm currently trying to aim.
Will the scanner work in the following scenario?
- User A logs in and scans
- User A locks the screen and goes away
- User B logs in
- User B unplugs the scanner physically and then plugs it in again
- User B starts working and scanning
Do you think what I'm thinking?