Remote Employee Login

Ted_G_Freitas · March 17, 2020, 12:01pm

Does anyone know if there is a way to allow employees to remotely login to their desktops without having to use a technician license? We are trying to avoid setting up complicated VPN’s for clients desktops and making a single point and click login solution. Figured I would see if we could leverage Simple-Help for this. Thanks in advance everyone! I do have an email into support as well but figured I would try the community as well.

Shaun_Brachmann · March 18, 2020, 11:45pm

Nope. Technician license needed.

Robert_Harvey · March 22, 2020, 6:44pm

You mean like remote desktop with a nonstandard port so you can fw the port from your router to the computer in question?

the computer has to be pro or better to have access to it though remote desktop.

a regedit will allow you to change the remote desktop port.
You will also need to make the computer your wanting to connect to, static in the computer or tell the routers dns to bind that ip to that mac address.
forward the port in the router to the static ip.

if you have sign in problems check the network level authentication. NLA only works if you are local to the computer your trying to connect to.

EVsAreFast · March 23, 2020, 11:34am

@Robert_Harvey Microsoft has released multiple remote unauthenticated vulnerabilities for RDP. RDP should NEVER be on the internet unless the firewall is restricted to ONLY allow from that IP. NLA has been compromised as well. So, please do not recommend using alternate port RDP. Port scanners make finding it trivial.

@Ted_G_Freitas Use SH Technician OR another more end user focused solution (e.g. supported redirect printing, etc) like Anydesk.com which is pretty reasonable.

Doug_Steinschneider · March 23, 2020, 2:45pm

I have been getting by with 2 technician licenses for the routine patching, installing and remote support. Many of my customers have asked if they could use the support system to connect to their desktop as we do.

I would like to propose that SimpleHelp evolve their software and licensing mechanism to accomodate an automated way to add a single computer and it’s user to our license for enduser with a single annual subscription of $60 that I can turn around and bill out to the client.

Alan_Sidles · March 23, 2020, 9:14pm

There are other options available depending upon your OS. For example: If you have Windows Server 2012 R2 or later you can deploy the Essentials Experience. This will allow access to data via IIS and desktops via RDP over https. You will need a static IP and an SSL Cert.
You could also deploy a terminal server, but that requires a bit more work and additional licensing.

Darrell_Swafford · March 24, 2020, 1:56pm

SimpleHelp I dont think was really made for this.

I would look into something like Chrome remote desktops access solution. I think thats more what your looking for. https://remotedesktop.google.com/access

Its simple to setup and easy to use. I haven’t had any problems with it.

Ted_G_Freitas · March 24, 2020, 2:14pm

Yeah it does work well the only issue is that it circumvents all the protections that we put into the network to make sure that we know who’s accessing desktops from remote. At least by using a tool like simple-help we would be able to control and log the access.

realmx2 · March 24, 2020, 9:41pm

Our stance on rdp stuff…
RDP open to internet = bad (you are asking for it)
RDP through remote desktop gateway with Duo = much better (if accessing termserver, not good solution for accessing non-server)

If they have server:
We setup L2TP (with pre-shared key) on server and then have them RDP to their workstation from there

If they don’t have server, but have NAS we setup L2TP on NAS

If they don’t have server, but have ubiquity router (we like the $50 edgerouter x) we setup openvpn on router and use openvpn with certs for remote access

If they have none of those things we use splashtop, it’s cheap and easy to setup and does remote printing and everything else. It’s $250 for a year for 100 machines and you can setup separate users for separate clients and assign them to only be able to access their own machines. Works to access mac and windows, works from mac/win/mobile.

Matt · March 25, 2020, 9:16am

I have just deployed 6 windows direct access servers in each market and users can connect to everything on prem without the need for VPN.

You need a VM running server 2016/2019 though and will only work with windows 10ish… 7/8 suck

really cool solution, very easy to setup and FREEEEE

Ted_G_Freitas · March 25, 2020, 11:58am

Matt,

Thanks for the info. It looks like the client computers have to be AD Joined though. So, this would not work well for BYOD devices, but hey, I learned something new!!

Doug_Steinschneider · March 25, 2020, 6:40pm

Thanks - lots of ideas to look into here. Didn’t know Splashtop has the 100 machine license that can be set up for different users.

Antony · March 28, 2020, 11:53pm

Hi everyone,

I just wanted to let you know we have an announcement related to this discussion:

thanks

Antony