Best way to maintain some remote control but not absolute?
- 
 @scottalanmiller said in Best way to maintain some remote control but not absolute?: @guyinpv said in Best way to maintain some remote control but not absolute?: In my own case, I'm not doing regular work or maintenance, so there lies the difference between unattended access or not. I must be missing something, I see zero difference. In both cases you "can" access and in both cases you are trusted to "not" access things you are not supposed to. That they log in whenever they feel like working and you do not feels like a red herring to me, I don't see any reason that that is important or relevant. If I were a business owner and did not have any kind of agreement or arrangement with a contractor, I simply wouldn't want them leaving their crap on my systems. It doesn't even matter if I'm always calling them for the work, we don't have an agreement for them to store their tools in my shed, hang their hat on my hook, or install their personal support tools on my computers. I've been to homes where I found "support" tools installed by local IT shops and the people didn't even recall any agreement to have such a thing installed in the first place. Maybe they will change their support guy one day without telling me? They aren't smart enough to know the tools I have running, or how to remove them safely. They may even buy a new computer or reload one and have no idea that I need to get my stuff back on there. All of this just makes me think I should have an agreement or contract or at least an understanding, written or not, that I can access things unattended if needs be. Especially when the environment has PCI constraints or HIPAA. I suppose I'm being overly cautious. Doesn't hurt to dig in to these meta-issues sometimes. 
- 
 @guyinpv said in Best way to maintain some remote control but not absolute?: If I were a business owner and did not have any kind of agreement or arrangement with a contractor, I simply wouldn't want them leaving their crap on my systems. It doesn't even matter if I'm always calling them for the work, we don't have an agreement for them to store their tools in my shed, hang their hat on my hook, or install their personal support tools on my computers. Well that's not a very smart way to run a business. That's downright foolish, right? The agreement is totally a red herring and the need for cost effective work is what matters. That's just not smart business. But it's up to them, but if that's the case, maybe drop those customers, they aren't likely to be around long if they are that emotionally driven and confused about how business works. Seriously, most SMBs fail quickly, if you can spot those that lack clear business thinking early, you can save yourself a lot of "not getting paid." 
- 
 @guyinpv said in Best way to maintain some remote control but not absolute?: I've been to homes where I found "support" tools installed by local IT shops and the people didn't even recall any agreement to have such a thing installed in the first place. Sure, and lots of those bench shops are scams, and lots of people who use them are idiots would probably deployed those tools themselves. Both happen a lot, but don't apply here. 
- 
 @guyinpv said in Best way to maintain some remote control but not absolute?: Maybe they will change their support guy one day without telling me? They aren't smart enough to know the tools I have running, or how to remove them safely. They may even buy a new computer or reload one and have no idea that I need to get my stuff back on there. And what if they do? I still don't see the connection. Lots of shops use multiple support people. If they use a competitor, that again seems like a red herring. If you dont access when you are not supposed to, it makes no difference. If they want to cut you off explicitly, they can. Why would they cut you off just because they also use someone else or move to someone else? That doesn't make logical sense. If they can't get your support tools back on there, then you are only as bad off as if they had never been there in the first place, right? And clearly that means that you were not their support person, anyway, since you didn't do the work nor did they consult you. 
- 
 @guyinpv said in Best way to maintain some remote control but not absolute?: All of this just makes me think I should have an agreement or contract or at least an understanding, written or not, that I can access things unattended if needs be. That's find if you want to. But just understand... this is all for you because you want to. It's not normal nor needed. All you do is let them know that you want to do it and get the agreement, that's it. Everything else is just for your own personal desires. It doesn't do anything for you legally, nothing for your business relationship, doesn't change how things work, doesn't protect you in any way. 
- 
 @scottalanmiller said in Best way to maintain some remote control but not absolute?: @Dashrender make sure that you pass those costs onto the clients, or otherwise you just invested in their business twice. Once in paying for their tools, and again in getting paid to do half as much work! I didn't buy the remote access software/suite, they did. So there was no cost to me. Of course in making my life better I also decreased my billing, but I wanted my personal time back more than I wanted to be paid for driving there. 
- 
 @scottalanmiller said in Best way to maintain some remote control but not absolute?: Why would they cut you off just because they also use someone else or move to someone else? That doesn't make logical sense. What? If they hire someone else to do that job the OP is doing, I would fully expect them to cut the OP off. Of course, the new support person should be doing their investigation to make sure that's the case. If they can't get your support tools back on there, then you are only as bad off as if they had never been there in the first place, right? And clearly that means that you were not their support person, anyway, since you didn't do the work nor did they consult you. Absolutely right. If they buy something and don't tell you, it's not suddenly your fault that you can't remotely access that new equipment. 
- 
 One of the things I remind my boss of yearly is - the moment you don't trust me, you MUST fire me! I'm completely sincere about this. As the IT person, there is almost nothing you can't do. You could install backdoors, remote access, etc, etc, etc and most SMBs would NEVER have a clue. So I wonder, do you not trust yourself to do the right thing? As long as you do, and you're up front and honest with the client, I'm sure they will be fine. As for remote access - do what I did - Don't make it your choice. Make it their choice and their bill. If they want the tools to have you work remotely, help them get them setup, but make sure the bill is in their name. You should also create an admin level account give it to them in a sealed envelope and tell them this is their break glass in case of emergency situation. This is what I do for my client who has remote access. I could have setup my own account, put all of their computers into it, sent them a monthly bill for the possible access (talk to @JaredBusch and @hubtechagain - they both do this). You could purchase a RMM (remote machine management) suite that includes things like AV, then you could bill them more. etc etc... This all depends on how involved you want to be. But as far as the remote access goes - if they don't want you to have access except when they expressly permit it.. then they could change the password on the account you create in the remote control software themselves every time you are done, then give you the new password the next time they need server, then change, and give and change and give, etc. 
- 
 What I've done is use NoMachine and ZeroTier. The NoMachine client gives you access to the current display on the remote system. You get a white board and chat capability and also sound. Bundled with ZeroTier I can do this from anywhere. This doesn't solve the problem of a one off situation, but these were people I was regularly helping. 
- 
 @stacksofplates said in Best way to maintain some remote control but not absolute?: What I've done is use NoMachine and ZeroTier. The NoMachine client gives you access to the current display on the remote system. You get a white board and chat capability and also sound. Bundled with ZeroTier I can do this from anywhere. This doesn't solve the problem of a one off situation, but these were people I was regularly helping. NX on jump stations and a jump station network thanks to ZT? Or am I picturing this incorrectly? 
- 
 @Dashrender said in Best way to maintain some remote control but not absolute?: @scottalanmiller said in Best way to maintain some remote control but not absolute?: Why would they cut you off just because they also use someone else or move to someone else? That doesn't make logical sense. What? If they hire someone else to do that job the OP is doing, I would fully expect them to cut the OP off. Of course, the new support person should be doing their investigation to make sure that's the case. Why? SUpport is not an all or nothing thing. It is common to have multiple support people or companies and to have them do different things or to work at different times. There is no reason to cut off one support person just because you are using another one. 
- 
 @Dashrender said in Best way to maintain some remote control but not absolute?: Absolutely right. If they buy something and don't tell you, it's not suddenly your fault that you can't remotely access that new equipment. And it means that they've gone with a new support person. So by the logic that you would never leave support for you if they used anyone else for something, this would be a benefit rather than a curse, right? (Pointing out why that logic doesn't hold.) 
- 
 @Dashrender said in Best way to maintain some remote control but not absolute?: But as far as the remote access goes - if they don't want you to have access except when they expressly permit it.. then they could change the password on the account you create in the remote control software themselves every time you are done, then give you the new password the next time they need server, then change, and give and change and give, etc. This would require decentralized control, which adds a bit of complication compared to centralized control. But doable. 
- 
 @Dashrender said in Best way to maintain some remote control but not absolute?: @scottalanmiller said in Best way to maintain some remote control but not absolute?: @Dashrender make sure that you pass those costs onto the clients, or otherwise you just invested in their business twice. Once in paying for their tools, and again in getting paid to do half as much work! I didn't buy the remote access software/suite, they did. So there was no cost to me. Of course in making my life better I also decreased my billing, but I wanted my personal time back more than I wanted to be paid for driving there. Oh okay, that's better. 
- 
 @scottalanmiller said in Best way to maintain some remote control but not absolute?: @Dashrender said in Best way to maintain some remote control but not absolute?: @scottalanmiller said in Best way to maintain some remote control but not absolute?: Why would they cut you off just because they also use someone else or move to someone else? That doesn't make logical sense. What? If they hire someone else to do that job the OP is doing, I would fully expect them to cut the OP off. Of course, the new support person should be doing their investigation to make sure that's the case. Why? SUpport is not an all or nothing thing. It is common to have multiple support people or companies and to have them do different things or to work at different times. There is no reason to cut off one support person just because you are using another one. If they hire someone else to do the OP's job - why are they keeping the OP around? Unless they have given the OP another job to do. Now if they hire another support vendor to do something the OP does not do.. then of course, they both work equally. 
- 
 @scottalanmiller said in Best way to maintain some remote control but not absolute?: @Dashrender said in Best way to maintain some remote control but not absolute?: But as far as the remote access goes - if they don't want you to have access except when they expressly permit it.. then they could change the password on the account you create in the remote control software themselves every time you are done, then give you the new password the next time they need server, then change, and give and change and give, etc. This would require decentralized control, which adds a bit of complication compared to centralized control. But doable. How is this decentralized? and if it is, then NTG has decentralized control in their SC setup since multiple people have access to the admin system (hopefully each with their own account) and can lock others out. 
- 
 @scottalanmiller said in Best way to maintain some remote control but not absolute?: @Dashrender said in Best way to maintain some remote control but not absolute?: @scottalanmiller said in Best way to maintain some remote control but not absolute?: @Dashrender make sure that you pass those costs onto the clients, or otherwise you just invested in their business twice. Once in paying for their tools, and again in getting paid to do half as much work! I didn't buy the remote access software/suite, they did. So there was no cost to me. Of course in making my life better I also decreased my billing, but I wanted my personal time back more than I wanted to be paid for driving there. Oh okay, that's better. now with all that in mind... I could raise my rates because I would be making less money - I wonder how many companies do that? 
- 
 @scottalanmiller said in Best way to maintain some remote control but not absolute?: @stacksofplates said in Best way to maintain some remote control but not absolute?: What I've done is use NoMachine and ZeroTier. The NoMachine client gives you access to the current display on the remote system. You get a white board and chat capability and also sound. Bundled with ZeroTier I can do this from anywhere. This doesn't solve the problem of a one off situation, but these were people I was regularly helping. NX on jump stations and a jump station network thanks to ZT? Or am I picturing this incorrectly? No, I have NoMachine actually on the Windows clients. So I can remote in from Windows or Linux via NX to their Windows desktop over ZT. 
- 
 @scottalanmiller said in Best way to maintain some remote control but not absolute?: @guyinpv said in Best way to maintain some remote control but not absolute?: If I were a business owner and did not have any kind of agreement or arrangement with a contractor, I simply wouldn't want them leaving their crap on my systems. It doesn't even matter if I'm always calling them for the work, we don't have an agreement for them to store their tools in my shed, hang their hat on my hook, or install their personal support tools on my computers. Well that's not a very smart way to run a business Is it?? When you've had multiple employees steal from you, do "secret" things, reveal corporate secrets to competitors, or try to entangle the boss in a legal scuffle because they don't like their job. After a while, the boss just isn't interested in giving any random people any special privileges, access rights, full time control abilities, secret software only they know how to use, etc. Sure it's paranoia, but if your last accountant stole money, how likely are you to tell the next one "ya do what you want, why not!?" 
- 
 @guyinpv said in Best way to maintain some remote control but not absolute?: @scottalanmiller said in Best way to maintain some remote control but not absolute?: @guyinpv said in Best way to maintain some remote control but not absolute?: If I were a business owner and did not have any kind of agreement or arrangement with a contractor, I simply wouldn't want them leaving their crap on my systems. It doesn't even matter if I'm always calling them for the work, we don't have an agreement for them to store their tools in my shed, hang their hat on my hook, or install their personal support tools on my computers. Well that's not a very smart way to run a business Is it?? When you've had multiple employees steal from you, do "secret" things, reveal corporate secrets to competitors, or try to entangle the boss in a legal scuffle because they don't like their job. After a while, the boss just isn't interested in giving any random people any special privileges, access rights, full time control abilities, secret software only they know how to use, etc. Sure it's paranoia, but if your last accountant stole money, how likely are you to tell the next one "ya do what you want, why not!?" You have to have trust with people who are working for you, otherwise you spend all your time looking over their shoulder getting nothing done. But this doesn't mean that you can't/don't put audit trails in place to alert you when weird things are going on. In the case of the accountant, that could be a second accountant who's job it is to look over the books on some sort of schedule, or the owner sitting down with them, etc. But if you switch from having the accountant do their job, to one where they are getting your approval every time they make an entry into the accounting system, then neither of you will get much work done. 



