Does Mesh Central support blanking remote screen
-
@jaredbusch said in Does Mesh Central support blanking remote screen:
@krzykat said in Does Mesh Central support blanking remote screen:
@jaredbusch Client uses it for remote access to their office while they work from home a few days a week and doesn't want someone snooping in their office while they aren't there watching what they are doing.
Remote work then, not remote support. Ok.
In that case, but our remote support is remote work and often we are assisting a user doing tasks (troubleshooting, training, or they need to work while we work) and they sometimes need stuff on the screen to not be seen because they can't always stay there guarding the computer.
-
@gjacobse said in Does Mesh Central support blanking remote screen:
@krzykat said in Does Mesh Central support blanking remote screen:
blanking the screen
I can see locking the input,.. at the least.
That it has.
-
@scottalanmiller said in Does Mesh Central support blanking remote screen:
- Potentially showing private data on the screen and not knowing who can see it
What would you ever load on the remote instance that the user should not see?
(or who can grab the mouse and use the logged in session.)
2. Customers who won't stop interacting while you work (but we CAN disable their input, so that's covered.)This is a different issue and not what was asked. Input blocking is completely understood.
- Customers watching without understanding and complaining that they would do it better, differently, faster, blah blah blah, and interrupting instead of letting us work.
Not a concern. If they want to try and nickel and dime, I fire them. I don't want those kinds of customers. If it is Bob in sales, I don't care at all. If I am in the principal contact system, I am likely on the phone the entire time anyway. Also they trust us. I don't care about user bitching.
-
@scottalanmiller So MC doesn't have an option for this as far as you know?
-
@jaredbusch said in Does Mesh Central support blanking remote screen:
What would you ever load on the remote instance that the user should not see?
Why load? MOst of the time we log into machines that have that stuff already on the screen. We just cause the screen to unlock and don't know who can see it. VERY often for us, that this case comes up, it is a medical system in a room where a doctor may or may not be, and a patient may or may not be, and the patient may or may not have someone watching them.
Doing end user support tasks, which is common with MeshCentral because it does remote GUI so not really for servers, means a LOT of situations where we are working on a system where a user is showing sensitive data and/or we are operating systems with said data. We often have to operate financial or medical or other sensitive applications because we support them. One major system we support automatically displays patient records upon initiation. Just testing if the application starts shows data (not SUPER sensitive, but not stuff that should be public to a customer.)
-
@krzykat said in Does Mesh Central support blanking remote screen:
@scottalanmiller So MC doesn't have an option for this as far as you know?
I could not find one. I'm asking our support team.
-
@jaredbusch said in Does Mesh Central support blanking remote screen:
Not a concern. If they want to try and nickel and dime, I fire them. I don't want those kinds of customers. If it is Bob in sales, I don't care at all. If I am in the principal contact system, I am likely on the phone the entire time anyway. Also they trust us. I don't care about user bitching.
That's valid, but I find almost everyone gets way to "micromanagery" if you let them. Why tempt fate?
That said, we use MC and don't have this feature. Just saying we'd like the option too.
-
@scottalanmiller said in Does Mesh Central support blanking remote screen:
@jaredbusch said in Does Mesh Central support blanking remote screen:
Why do you want this? I know it exists in other solutions. But the point of these tools is typically remote support. Who cares if the user can see the screen? I am truly interested in the answer.
For us, it comes up for a few reasons.
- Potentially showing private data on the screen and not knowing who can see it (or who can grab the mouse and use the logged in session.)
- Customers who won't stop interacting while you work (but we CAN disable their input, so that's covered.)
- Customers watching without understanding and complaining that they would do it better, differently, faster, blah blah blah, and interrupting instead of letting us work.
If I ask for remote help, and my input gets disabled and screen goes blank, I will unplug that shit immediately and never ask for help again. Wtf kind of private info are you displaying that the person reaching out for help shouldn't see?
-
@scottalanmiller said in Does Mesh Central support blanking remote screen:
Why load? MOst of the time we log into machines that have that stuff already on the screen. We just cause the screen to unlock and don't know who can see it. VERY often for us, that this case comes up, it is a medical system in a room where a doctor may or may not be, and a patient may or may not be, and the patient may or may not have someone watching them.
Logging in to a remote system with potential PHI active on it without a user present? Never. Your entire scenario is a PHI data breach.
-
@jaredbusch said in Does Mesh Central support blanking remote screen:
@scottalanmiller said in Does Mesh Central support blanking remote screen:
Why load? MOst of the time we log into machines that have that stuff already on the screen. We just cause the screen to unlock and don't know who can see it. VERY often for us, that this case comes up, it is a medical system in a room where a doctor may or may not be, and a patient may or may not be, and the patient may or may not have someone watching them.
Logging in to a remote system with potential PHI active on it without a user present? Never. Your entire scenario is a PHI data breach.
Hence the need to blank the screen so that it is the same as any VDI style medical system.
-
@scottalanmiller said in Does Mesh Central support blanking remote screen:
@jaredbusch said in Does Mesh Central support blanking remote screen:
@scottalanmiller said in Does Mesh Central support blanking remote screen:
Why load? MOst of the time we log into machines that have that stuff already on the screen. We just cause the screen to unlock and don't know who can see it. VERY often for us, that this case comes up, it is a medical system in a room where a doctor may or may not be, and a patient may or may not be, and the patient may or may not have someone watching them.
Logging in to a remote system with potential PHI active on it without a user present? Never. Your entire scenario is a PHI data breach.
Hence the need to blank the screen so that it is the same as any VDI style medical system.
No he's saying IT should not have unmonitored access to PHI data. You are logged in as that user so it's not really auditable.
-
@scottalanmiller said in Does Mesh Central support blanking remote screen:
@jaredbusch said in Does Mesh Central support blanking remote screen:
@scottalanmiller said in Does Mesh Central support blanking remote screen:
Why load? MOst of the time we log into machines that have that stuff already on the screen. We just cause the screen to unlock and don't know who can see it. VERY often for us, that this case comes up, it is a medical system in a room where a doctor may or may not be, and a patient may or may not be, and the patient may or may not have someone watching them.
Logging in to a remote system with potential PHI active on it without a user present? Never. Your entire scenario is a PHI data breach.
Hence the need to blank the screen so that it is the same as any VDI style medical system.
No, your people are the breech. You should not need to see random PHI to support anything. If there is a can't print chart issues, etc, there should be a generic, fake, patient that can be used.
-
just checked my test system, see no option of screen blanking. you can lock the user session though.
-
@scottalanmiller unfortunately, it seems the answer is No.
-
@jaredbusch said in Does Mesh Central support blanking remote screen:
@scottalanmiller said in Does Mesh Central support blanking remote screen:
@jaredbusch said in Does Mesh Central support blanking remote screen:
@scottalanmiller said in Does Mesh Central support blanking remote screen:
Why load? MOst of the time we log into machines that have that stuff already on the screen. We just cause the screen to unlock and don't know who can see it. VERY often for us, that this case comes up, it is a medical system in a room where a doctor may or may not be, and a patient may or may not be, and the patient may or may not have someone watching them.
Logging in to a remote system with potential PHI active on it without a user present? Never. Your entire scenario is a PHI data breach.
Hence the need to blank the screen so that it is the same as any VDI style medical system.
No, your people are the breech. You should not need to see random PHI to support anything. If there is a can't print chart issues, etc, there should be a generic, fake, patient that can be used.
I mean they are also managing peoples passwords and typing them in for the customers so you're already down a bad rabbit hole.
-
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
-
@dustinb3403 said in Does Mesh Central support blanking remote screen:
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
Then their option is to hire their own onsite personnel that handle the same tasks, won't be as qualified and cost them more money. If you don't trust your IT team ... well time to move on. I don't want any clients that don't trust us.
-
@dustinb3403 said in Does Mesh Central support blanking remote screen:
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
It's all about the data. PHI and confidential secrets should not be seen by support. Yes there may be a patient up on a screen when troubleshooting an issue, but you should not have the ability to scroll through records unaudited. When you blank out the screen you could query patient data under the user's login.
I worked at the hospital system that treated all patients of the Orlando mass shooting. Our hospital system was very proud that we saved every person that made it to the ER alive. Anyway, in the aftermath 6-8 employees were fired for accessing PHI that wasn't a need to know. In most cases it was a friend or someone close to the family.
-
@krzykat said in Does Mesh Central support blanking remote screen:
@dustinb3403 said in Does Mesh Central support blanking remote screen:
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
Then their option is to hire their own onsite personnel that handle the same tasks, won't be as qualified and cost them more money. If you don't trust your IT team ... well time to move on. I don't want any clients that don't trust us.
Insider threat is the number one threat.
-
@krzykat said in Does Mesh Central support blanking remote screen:
@dustinb3403 said in Does Mesh Central support blanking remote screen:
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
Then their option is to hire their own onsite personnel that handle the same tasks, won't be as qualified and cost them more money. If you don't trust your IT team ... well time to move on. I don't want any clients that don't trust us.
Yes exactly, either trust your support team or not, from time to time we may access the same vcenter guest console. Same difference with our support tool except we aren't authenticating to vcenter.