|
Richard MacCutchan wrote: And I suspect your IT department and company lawyers would hate you. IT security is a very serious business and in any corporate organisation it is important to keep good control in order to protect your financial and intellectual property. If you open up your corporate network so people can hook their own systems into it whenever they like, then you are likely to face some serious issues. However many promises people make and however many rules you ask them to follow, the system will be abused. My advice, don't do it.
Depends on the network setup. At the customer site I work at, the wireless and office network are 2 distinct and separate connections to the Internet. When connected to the wireless there is no connectivity to the servers available unless you connect in via the VPN or have a Domain connected laptop that uses Direct Access to connect in from anywhere.
If the Wireless and Wired network are all running off the same Internet connection and internal network, then like you say, runaway.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
|
|
|
|
quinet wrote: "When you come to the office, you will be able to plug your laptop into a
docking station with a large-screen monitor and a keyboard. You can log into our
network on your office computer, but not on any personal device.
In addition to our desktops we employ this setup for our laptop users. This is becoming more common as the power and memory capabilities increasingly are cheaper.
quinet wrote: "Your work computer will be a laptop that you can take home with you or take
abroad on your travels. When you receive this computer it will come with a
set of standard software installed, including anti-virus software. Thereafter
you have admin rights over this laptop, you are completely responsible for
everything on this computer, including backups, just as if it were your personal
property. When you leave our organization, you turn your computer in.
Again this is a great idea, but I would advise using some form of encryption. Bitlocker works well, but it depends on what OS you're currently using. They're are other software based encryption programs to use w/leagcy OS'. This still can create an issue as the user almost never do backups or willingly run AV scans. As long as you're using Active Directory you could push out Forefront and do Bitlocker key recovery. They still download willy-nilly programs like RegReviver and what not, but this gives you a stance on giving them an ultimatim. Either you behave with it, or we'll just re-image it when you screw it up. This tends to stop a lot of the BS downloaders, but not all of them.
quinet wrote: "If you want to access the Internet or printers with any device other than your
office laptop you can do so wirelessly."
We do this as well and it works very well, as it exists on an external network. This can present some issues too if you're in a building close to other businesses or the public I guess. We're fortunate to be "out-of-town", but I think this would still be an answer for the BYOD'ers.
Something worth reading, albeit it's invincible!
|
|
|
|
|
I just tried using Remote Desktop Connection today, accessing important apps on my desktop from my laptop, and it works great. But that was between rooms, using my home workgroup and the desktop computer name as the target, connecting over the wireless LAN. Now I want to go to the next level, and do the same over the Internet. The MS instruction fall a little short of covering that configuration. Here's my setup:
Internet -> cable modem/router -> Cisco/Linksys E4200 wireless router -> Wired connection to desktop, wireless to laptop.
The only routable IP address in the lot is the WAN address on the E4200, which is bridged from the cable modem. It's dynamic, and that could be a problem, but it wouldn't be too difficult to write a service on my website to allow me to look up the current IP address anytime I'm travelling. It hasn't changed in a couple of years, so that's not an immediate concern. What is a concern is that I don't know how to configure the laptop to connect to the home IP address, nor what ports and services I need to enable on the router to move RDC traffic from the router to the desktop, and back to the laptop in my hotel 300 miles away.
Can someone point me to the information I need to accomplish this?
Will Rogers never met me.
|
|
|
|
|
Services like dyndns.org allow you to get your IP address from a name, thus you can do a ping your-computer-name.dyndns.org .
To get from the internet into your private home network, you must configure port forwarding on the router.
|
|
|
|
|
Thanks... I found a website with instructions. There wasn't a whole lot of info from MS about which ports and protocols to enable, but the site gives a few clues.
Will Rogers never met me.
|
|
|
|
|
Roger Wright wrote: Thanks... I found a website with instructions. There wasn't a whole lot of info from MS about which ports and protocols to enable, but the site gives a few clues.
Roger, port 3389 is what you want for RDP but I would not want to open that up on my router and expose my network to the internet.
I'd seriously look at getting a little, low power, low heat output box, put a Linux Distro on it and SSH to the Linux Box (reasonably locked down) and SSH Tunnel through it to the Windows Boxen, Routers, Website stuff like your USB HDD.
I reckon you could easily work it out, but I could happily help you through, even give you a call on a landlne (if you have one) cause I can call you Yanks for free except for mobiles.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
|
|
|
|
Michael Martin wrote: Roger, port 3389 is what you want for RDP but I would not want to open that up on my router and expose my network to the internet.
My 5 to point this out.
|
|
|
|
|
Yesterday I would probably have pointed out that RDP is one of the safest protocols around. And that it probably isn't a safety problem to consider.
But today I think I'll pass.[^]
|
|
|
|
|
Quite right, Michael, but I just had to try it. I don't have the time to set up a Linux box, but I might one day.
A reasonably safe option is to set up a VPN connection to use when travelling, and Win7 supposedly supports that. But following the step-by-step instructions presented in Help simply doesn't work. I have no clue why, since Microsoft won't tell you what needs doing, but insists on providing a friendly, if retarded, "wizard" to do everything wrong for you.
Will Rogers never met me.
|
|
|
|
|
Roger Wright wrote: I don't have the time to set up a Linux box, but I might one day
If your willing to use CentOS (Red Hat Enterprise Linux with the copyright stuff pulled out, but built from the same source) I can send you a Word document on how to set it up exactly as I have. The joy of SSH is it is completely encrypted end to end.
Roger Wright wrote: A reasonably safe option is to set up a VPN connection to use when travelling,
and Win7 supposedly supports that. But following the step-by-step instructions
presented in Help simply doesn't work. I have no clue why, since Microsoft won't
tell you what needs doing, but insists on providing a friendly, if retarded,
"wizard" to do everything wrong for you.
The VPN Connection is easy to setup on Windows 7 (has been since XP) but do you have the VPN to connect to? Does your Router have a VPN built into it and is it activated? Otherwise you will need one running on your Windows 2008 R2 box and I'm not sure if one is built in or if it needs to be 3rd party.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
|
|
|
|
According to the "documentation" provided by Win7 Help, a separate server shouldn't be required. One little wizard configures the host machine, the other does the remote. My router doesn't have a VPN server in it, but I've enabled VPN passthrough to let the little buggers through. On making the connection, the authentication works - at least it completes without announcing any errors - then it proceeds to invoke a couple of miniport drivers, then just times out. The most informative I've been able to get from it is that the host didn't respond. Very curious...
I do have an old PC that I could use for Linux, so if you'd like to send along your instructions I'll give them a look. Thanks, Michael!
Will Rogers never met me.
|
|
|
|
|
I'll pull it out, clean it up and send it across in the next couple of days.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
|
|
|
|
Roger Wright wrote: I have no clue why, since Microsoft won't tell you what needs doing, but insists on providing a friendly, if retarded, "wizard" to do everything wrong for you.
this is the funniest thing I have read today. This is the real way to complain about something!
If it moves, compile it
|
|
|
|
|
Michael Martin wrote: I'd seriously look at getting a little, low power, low heat output box, put a Linux Distro on it and SSH to the Linux Box (reasonably locked down) and SSH Tunnel through it to the Windows Boxen, Routers, Website stuff like your USB HDD.
Sounds like fodder for a good article!
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
Richard Andrew x64 wrote: Sounds like fodder for a good article!
About 3 years ago I mentioned on here that I would do exactly that, including SAMBA for file sharing and such, still haven't pulled the finger out.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
|
|
|
|
You could do what others have suggested or just get a subscription to https://logmein.com/[^]
From WIKI (logmein is blocked at my company)
LogMeIn remote access products use a proprietary remote desktop protocol that is transmitted via SSL. An SSL certificate is created for each remote desktop and is used to cryptographically secure communications between the remote desktop and the accessing computer.[4]
Users access remote desktops using either the LogMeIn Ignition stand-alone application or a web portal. The web portal requires either an ActiveX plugin for Internet Explorer, or an extension for Firefox (the LogMeIn plug-in for Firefox), or an extension for Safari (the LogMeIn plug-in for Safari), failing that it falls back to requiring Java in order to run a Java program,[5] and failing that it falls back to "a screen-shot-based HTML remote control".[6] The web portal also provides status information for the remote computers and, optionally, remote computer management functions.
The service connects the remote desktop and the local computer using SSL over TCP or UDP and utilizing NAT traversal techniques to achieve peer-to-peer connectivity when available.[4][7][8]
Common sense is admitting there is cause and effect and that you can exert some control over what you understand.
|
|
|
|
|
I'm not sure where this goes, but this is the closest forum I could find to what I wanted/meant.
I have been having lots of issues with my xp box at the office. We've tried many things, including a new nic. It seems to do everything slower than it's older counter parts.
Next thing we are going to try is a registry cleanup. I don't know any good ones. Suggestions? Any free one's would be good, mostly since we are not sure it will even work.
If it moves, compile it
|
|
|
|
|
Start with CCleaner[^] it was free and seems to do okay.
|
|
|
|
|
Easy enough to install and use. It'll take a me a couple days with some of our normal processes to test, but stuff seems to be a bit snappier already.
I was surprised at how many issues I had in my registry. I know nothing of ms registry
If it moves, compile it
|
|
|
|
|
Well, it seemed to work for some things. Including boot/startup time, browser speed, and programs opening.
However, that was not my problem
It's whenever I do things like spreadsheet processing, vb6 modules, etc. These exact programs work with the same data and all situations , faster on the other computers with smaller specs. This one is just slow for some reason, and I can't figure out why.
If it moves, compile it
|
|
|
|
|
Thus the "Start with".
I am not an expert, but thought the tip might help.
|
|
|
|
|
Right. The registry cleaner seemed to do exactly what it was supposed to. I liked the disk cleanup options as well. it did make an improvement on my computer. I just don't think it was the root problem.
You're solution did directly address the issue I was asking about. I just asked the wrong question it seems.
If it moves, compile it
|
|
|
|
|
You should check Task Manager and see how many services are running in the background. CRTL+ALT+DEL or right-click the taskbar on the bottom of your screen.
If Office is bogging down try running a repair on it through thr tools option in either Word or Excel.
Defrag your drive lately? I usually run it two-three times in a row once a month, or setup a schedule. People tend to forget that drive speed/age can have a nasty effect of a PC as well.
**Note: Before doing any manual registy cleaning > Right-click on MyComputer in Regedit and export the entire registry tot he C:\drive in a folder like "C:\REGBACKUP\, so if you have to do a commandline fix it'll be there.
Check in Regedit under HKEY Local Machine\software\microsoft\windows\currentversion\run and see how many "things" are trying to run on startup. I get rid of all of the Adobe, Java, iTunes, HP, or any other Updater that's in there.
You can also post what your's shows for us to look at as well.
Something worth reading, albeit it's invincible!
|
|
|
|
|
Windows XP had a "Run As..." command that allowed you to choose the user you want to run a program as.
In Win7, when I choose to run as Administrator, it doesn't let me choose which administrator.
Is there any way to run a program as a specific admin account in Windows 7?
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
You may open the context menu with pressed shift key. Then there is another option "Run as different user" where you can enter a user name and the password.
[Update]
This is not necessary when logged in on a domain with Win 7 Pro. Then there is always an input field for a local administrator account name.
[/Update]
modified 16-Feb-12 3:24am.
|
|
|
|
|