hot potato workers
-
I have a front desk area of 10 workstations that I need to allow these 10 workers and about 20 others to randomly log into any of these 10 stations and have full function.
Each station has an insurance card scanner - software will only load for one profile at a time. I.e. if person 1 is logged in, then person 2 logs in while suspending (not logging off) person 1, the scanner won't work.
The printers are based on front desk location, so it's workstation based, regardless of who logs in.
Lastpass needs to be installed into Chrome and ready to go regardless of who logs into the PC.
As already mentioned - as backup to sick front desk staff, a group of 20 or so can be assigned to fill in as needed, and they need the ability to do all functions from these computers as well.
Because it's a medical shop - my users need the ability to lock their computers when they go to the bathroom - so I'm thinking a shared account likely isn't going to work.
-
Even though I said shared logons likely won't work - I'm going to start there with one possibility.
With a shared logon to Windows - anybody could sit down and just start using the machine.
Since there is only the one shared user - the scanner should always work, and the same goes for the printers - they'll just be mapped under this shared user. This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.
our apps are all web based - so shortcuts, favorites, etc can be made for the ones needed on this computer.
The catch is the locking of the computer - you can't lock a computer and have any real security in a shared user situation. Therefore any time you left eyesight of the computer, you'd have to log out of all of your apps, close Lastpass, etc - go do whatever, then come back and log back into all your stuff. - That idea won't go over well.
-
Another idea is and RDS setup.
My biggest concern about this is the scanner. I have no idea if it will work in a multi-user environment like RDS. In fact I doubt it will since it won't work in a multi-user environment like Windows 10.
There are replacement solutions for the insurance card scanner that might work in an RDS situation.
RDS is nice because it just follows the user around where ever they login. But I wouldn't want my non Front desk staff to be using the RDS session unless they were at the Front Desk. This potentially means creating two Windows profiles for them.
-
Since I know the application ( I believe) - is this (application) direct or via an RDP session?
-
@gjacobse said in hot potato workers:
Since I know the application ( I believe) - is this (application) direct or via an RDP session?
There is not RDP/RDS in this situation. Everything runs from a local browser/app.
If by application you mean athenaNet - that's one of many.
The scanner application is Inuvio's ScanSharp.
Web logons are:
athenaNet
M365
Paycom - timeclock
payaconnect - CC processor -
@dashrender said in hot potato workers:
Web logons are:
athenaNetInteresting - so you are not using a RDP session to host the AthenaNet as an additional security layer?
-
@gjacobse said in hot potato workers:
@dashrender said in hot potato workers:
Web logons are:
athenaNetInteresting - so you are not using a RDP session to host the AthenaNet as an additional security layer?
No - are you? And assuming you are - how do you handle insurance card uploads, paperwork uploads, local device attachment, etc? i mean I know RDS can map in a USB port, perhaps that works pretty good today - not so much in the past.
-
@dashrender said in hot potato workers:
@gjacobse said in hot potato workers:
@dashrender said in hot potato workers:
Web logons are:
athenaNetInteresting - so you are not using a RDP session to host the AthenaNet as an additional security layer?
No - are you? And assuming you are - how do you handle insurance card uploads, paperwork uploads, local device attachment, etc? i mean I know RDS can map in a USB port, perhaps that works pretty good today - not so much in the past.
We have a number of Ambir Scanners for insurance / id cards... working 'fine' in the RDP
-
@gjacobse said in hot potato workers:
@dashrender said in hot potato workers:
@gjacobse said in hot potato workers:
@dashrender said in hot potato workers:
Web logons are:
athenaNetInteresting - so you are not using a RDP session to host the AthenaNet as an additional security layer?
No - are you? And assuming you are - how do you handle insurance card uploads, paperwork uploads, local device attachment, etc? i mean I know RDS can map in a USB port, perhaps that works pretty good today - not so much in the past.
We have a number of Ambir Scanners for insurance / id cards... working 'fine' in the RDP
Tell me about your RDP environment - does each person have their own full windows 10 desktop in Azure? or is it an RDS server?
I don't use ambir's software, I'll have to take a look at it.
-
I believe this to be the current model deployed:
Ambir ds687
-
@dashrender said in hot potato workers:
@gjacobse said in hot potato workers:
@dashrender said in hot potato workers:
@gjacobse said in hot potato workers:
@dashrender said in hot potato workers:
Web logons are:
athenaNetInteresting - so you are not using a RDP session to host the AthenaNet as an additional security layer?
No - are you? And assuming you are - how do you handle insurance card uploads, paperwork uploads, local device attachment, etc? i mean I know RDS can map in a USB port, perhaps that works pretty good today - not so much in the past.
We have a number of Ambir Scanners for insurance / id cards... working 'fine' in the RDP
Tell me about your RDP environment - does each person have their own full windows 10 desktop in Azure? or is it an RDS server?
I don't use ambir's software, I'll have to take a look at it.
Using a RDS Balancer, so you can use the same server for days and then get kicked to a different one,... a total of 15 RDS servers.
-
@gjacobse Are you doing full desktops or only deploying the browser for athenaNet?
-
@dashrender said in hot potato workers:
@gjacobse Are you doing full desktops or only deploying the browser for athenaNet?
Full Desktop
-
@dashrender said in hot potato workers:
This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.
But it won't be logged in to the right user.
Browser sessions won't be the right user.
Just an all around bad idea.
-
@jaredbusch said in hot potato workers:
@dashrender said in hot potato workers:
This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.
But it won't be logged in to the right user.
Browser sessions won't be the right user.
Just an all around bad idea.
LP will be set to log out upon the browser closing -
There's only so much I can do for the users - They have to log out of Outlook, they have to log out of athena - they need to close the browser or log out of LP... so that's really not a big concern in my mind.
IF - IF they can log out those things.. this is not an issue. tons of places use shared computers with the full expectation that once you are done YOU will log out when finished to prevent the next person getting access to your crap.
-
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@dashrender said in hot potato workers:
This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.
But it won't be logged in to the right user.
Browser sessions won't be the right user.
Just an all around bad idea.
LP will be set to log out upon the browser closing -
There's only so much I can do for the users - They have to log out of Outlook, they have to log out of athena - they need to close the browser or log out of LP... so that's really not a big concern in my mind.
IF - IF they can log out those things.. this is not an issue. tons of places use shared computers with the full expectation that once you are done YOU will log out when finished to prevent the next person getting access to your crap.
Force Edge to always use porn mode. That should help.
-
@jaredbusch said in hot potato workers:
@dashrender said in hot potato workers:
@jaredbusch said in hot potato workers:
@dashrender said in hot potato workers:
This also solves the Lastpass situation, as once it's setup under the shared user, it should just remain there.
But it won't be logged in to the right user.
Browser sessions won't be the right user.
Just an all around bad idea.
LP will be set to log out upon the browser closing -
There's only so much I can do for the users - They have to log out of Outlook, they have to log out of athena - they need to close the browser or log out of LP... so that's really not a big concern in my mind.
IF - IF they can log out those things.. this is not an issue. tons of places use shared computers with the full expectation that once you are done YOU will log out when finished to prevent the next person getting access to your crap.
Force Edge to always use porn mode. That should help.
that helps as long as the browser is closed when the user is finished -
-
Not done the comparison - but we use SecureDen.. The group (about seven of us) see the same thing, get MFA'd ...
-
@jaredbusch said in hot potato workers:
Force Edge to always use porn mode. That should help.
Helpful Hint: Don't google: "Edge Porn Mode"
-
@jasgot said in hot potato workers:
@jaredbusch said in hot potato workers:
Force Edge to always use porn mode. That should help.
Helpful Hint: Don't google: "Edge Porn Mode"
LOL... That so makes me want to. But No. Pass.