I don't know how it would scale - only a handful of users have access (through desire/need rather than a sense of privilege) and it's there for a specific purpose at the moment, that of reading/approving reports twice a year. It works okay for us and doesn't connect their equipment to the network. Briefly, we allow remote desktop connections from users' personal equipment through an SSH tunnel. I outlined our approach in a similar thread earlier this evening and came across this thread later. We don't provide our teachers with a school issued computer and do not use a VPN.

and a hefty AUP to go with it, backed into our contract of employment. Quite. At work (an LA) we use Citrix with 2-factor authentication and restrictions on access to local resources. To be honest, if you are starting to go down the route of using home devices to connect then you have to start coughing up some cash at the school end to protect yourself. Then allowing them direct VPN access to your network should be taken with great care, just the same as BYOD devices within school.

If you're letting teachers use their own (or unsecure provided equipment) who regularly visit MP3 & torrent download sites, let their kids play java games on the latest insecure site, click on the link that says "YOUR COMPUTER IS INFECTED CLEAN UP NOW", have kids who are hackers, send out their entire email address book to every virus writer in the world, ETC (Add everything that seems to happen to "Unsuspecting" users).

Bearing in mind we issue a notebook PC to every member of teaching staff. Currently looking at the updated Direct Access feature of Server 2012 - wasn't possible for us to implement it with 2008 R is looking extremely promising. If you're providing devices, and have them locked down then it's a viable solution. We have a VPN for our staff powered by Forefront TMG - nice, stable and secure; all staff do is double click on a shortcut on their desktop and boom it's like they never left the school.

most folk I know who have tried to set it up have had serious issues doing it with XP SP3 or Vista (i.e. it has not turned on the security) so when authorising RDP access for Northants schools I will only do it if they are using Server 2008 R2 and Win7 clients. The Becta advice (released before MS Server 2008 R2 was out) really looked at ideas such as Citrix and Oracle SGD (or Sun SGD as it used to be) but this can be really costly for many schools not already going down this line for thin clients. and that the device (laptop) is not used by others (e.g. their family as a games machine). You should have policies in place to tell staff that if they are doing this then they do not do it in a public place (where the screen is viewable by Joe Public), that they don't email themselves the data because you are restricting access to the local printers, USB sticks, etc. I would also set restrictions so that you cannot transfer files from the RDS to the accessing device (basically you lock out USB, access to locally shared printers, etc). Also be aware that technology is not the only answer on this. The device is authenticated as a valid device before a session is initiated, the user is then authenticated against the AD. I believe the area you are looking for is "Configure Network Level Authentication for Remote Desktop Services Connections".