@scottalanmiller said:

@Carnival-Boy we use LogMeIn and get emails at every connection.

I can't actually figure out how to do this and it would be very useful. Would you mind letting me know? Is it under the 'Manage Altert Packages' in LogMeIn Central? I've setup a few alerts but can't see one that handles this.

Yes. Vendor relationships are always about compromise.

I like to be in bed by 10. I must be pretty stupid.

How much does it cost to run a dummy address? I may need to do this for a business venture I'm starting up.

Well, OK. For two hours work it's pretty good. I'll delay further judgement until it's finished.

@scottalanmiller said:

@Carnival-Boy we use LogMeIn and get emails at every connection.

As far as I know, you can only configure e-mail alerts through the LogMeIn website. Since the vendors are using their own accounts, I don't have access to this. This is why I prefer to use my own LogMeIn account and give them login details. The other thing I could do with my own account is disable cached credentials, which is important since LogMeIn was vulnerable to Heartbleeed. I'm sure that vendors cache credentials - which should be a big no no.

@scottalanmiller said:

Maybe you need an MSP that does monitoring and is in active communications with people. Instead of only being emergency on call they actually work while you are gone getting stuff done.

Too expensive.

@Carnival-Boy said:

I was thinking of setting something up that e-mails me every time a vendor logs in to the domain. They're supposed to tell me whenever they connect, but they don't. Can anyone explain how I might achieve this?

You lot are useless I waited all day for the answer and in the end sorted it myself.

I create a new security group in AD and added the external users accounts to it.
I created a new GPO and added the new security group to it, and removed authenticated users from it.
I edited the GPO and under user config, windows settings, scripts, logon I added \server\netlogon\emaillogon.vbs
I wrote a vbs that e-mails me details of the logged on username and computer name.

Now, whenever an external support guy logs on to any of our servers, I'll immediately know about it.

This is a decent start to solving my worries.

Isn't this kind of thing exactly what the 'Self-promotion' section of ML is about though @david.wiese , to promote yourself?

When I see mission statements like yours I tend to think "blah, blah, blah....", but that's probably just me! I hate marketing speak.

"We offer so many services, it would not be feasable to list them all"
Why not? Also, spelling mistake?

When I scroll down whilst reading the text, the background, which doesn't scroll, makes my eyes go funny.

Because you talk about "we", it sounds like you're an IT company, yet you don't have an address? This is a big turn-off for me. Are you marketing the company or yourself? An IT company and an IT consultant are two separate things, and I'm confused as to which you are?

@Reid-Cooper said:

Some cities, famously Barcelona, is considered a top world travel destination but often cited as being pretty hard to live in.

A friend of a friend of mine worked for HP in Barcelona for a while. He loved it. The only issue was that they worked to American time-frames but partied to Spanish time-frames. So they were out until 1am every night having fun but then expected to start work at 8am. He burnt out after a while.

What I discovered last week, after going on holiday and the office suffering what should have been a minor power-cut related server issue, is no matter how much I brief people and no matter how much I leave instructions, when something happens everyone panics and forgets everything I've told them.

One of my colleagues is supposed to be the "IT co-coordinator" when I'm on holiday, and will liaise with vendors to get support, and gets extra training and documentation from me on what to do in an emergency when I'm away. Only last week, during the emergency, he went around telling everyone he no longer does that role and hasn't done it for years, so couldn't help. This was news to me!

I was going to do something similar for wallboards around the office displaying dashboards and KPIs for our sales and production staff via the intranet. But I'm now planning on using Chromecasts instead. Assuming Chromecast will work with my new Ubiquiti APs that is! I know not all wireless APs are supported. Plan C is Rasberry Pi.

I've setup three domain accounts for use by our ERP vendor, our PBX vendor and our MSP, so that they can do remote support on our servers. I'm paranoid about giving them access, as I don't feel vendors always take client security all that seriously, but they need remote access, especially when I'm on holiday, so what can I do. I initially created a Logmein account for them, so I can control access and log activity, but they hate that as they prefer to use their own Logmein/Teamviewer accounts, which I can understand. Unless I make it really simple for them, there's a high probability that I'll get called on holiday because they can't remember how to get access, so it's in my personal interest to let them use their own workflow to keep things simple and reliable for them.

Previously I'd disabled their domain accounts and only enabled them when I knew they wanted access. After they'd done what they needed to do, I'd disable the account. But this relied on me remembering to enable the accounts before I went on holiday. I could script this to make it easier. It wouldn't cover my sick-leave though, as I can't predict when I'm going to be sick. I could arrange for my colleague to run the script, but this adds a layer of complexity that increases the probability of failure. When the s**t hits the fan, the last thing you need is for the vendor to be unable to connect to solve the problem.

I was thinking of setting something up that e-mails me every time a vendor logs in to the domain. They're supposed to tell me whenever they connect, but they don't. Can anyone explain how I might achieve this?

Also, any general advice on managing vendor remote access to get the right balance between security and simplicity. Am I being too paranoid/controlling?

It's the new, new thing. Like Netbooks were the new, new thing a couple of years ago. I'm not convinced it will go anywhere though. I'm certainly not getting carried away. Mine's currently sitting in the cupboard unused and I suspect I'm not alone.

Northampton. A bit too far for you to travel.

Good luck. Where are you based?

@scottalanmiller said:

It had some like a doubling of market share in five months. It's doing a lot if damage.

What's its market share? Tiny, I suspect. There is no way it is doing a lot of damage. It might in the future, but at the moment it is just potential.

It's a niche product. Mostly for kiosks and kids as a way of saving a bit of money. Claims that it will seriously challenge Windows are very wide of the mark.

@scottalanmiller said:

Another article on the Chromebook menace to windows hegemony.

http://www.itworld.com/open-source/428137/chromebooks-are-freaking-out-microsoft

Hmmn, you got any links to real world facts rather than dodgy websites spewing unsubstantiated link-bait?

I'd like to see Chromebooks take offer a real alternative to Windows, but I just can't see it. It feels too much like a toy rather than a serious business solution (other than using them as cheap thin-clients for Windows).