[THIN] Web Interface -vs- The Humans - The saga continues
- From: "Pardee, Michael P." <MPardee@xxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Fri, 30 Jul 2004 10:05:22 -0400
I have previously written for help getting WI to work only for certain users
that are allowed to due to hourly employees working too many hours. The
thread is in here somewhere if interested.
I got a new one today and wondered if anyone had run in to this before...
Our WI server with CSG front-ends 6 farms. Some are XPe but many are still
MF1.8. we're going through a big migration, so the 1.8 is going away.
So when you login to WI you see a combination of apps that are running on
XPe/Windows2003 and 1.8/NT4. This convenience is fantastic. The issue is
that by default when you click on an icon for an app that is on Win2k3 you
are then prompted again for your credentials. This is exactly what we want.
When you connect to an app on NT4 is passes through your Wi credentials and
logs you in to your app/desktop. Convenient. But now it is a huge issue.
Example:
Employee goes to customer's location and uses customer's PC to look
something up in WI.
Employee runs the app they need to and log out of it.
They don't close the browser running WI.
They leave the customer's facility.
Customer returns to PC and can basically launch any app running NT4 via the
WI credentials already logged in.
This all has to happen within the timeout of the WI, which is what, 20
minutes?
Although I used customer's pc in this example, it could have been a public
library or any internet accessible computer.
So this has caused me additional heartburn for using WI. The funny thing is
I offered to just turn it off since everyone has so many concerns and people
went nuts. They love the convenience. Humans.
Anyone ha any suggestions? There is a setting on the NT4 servers that we
can set to force the additional login, but it will change how everyone
accesses app internally as well. They are used to logging in to PN and then
launching their app/desktop. Now they will have to login again, even
internally.
Maybe that is just a small price to pay for the added layer of security.
> Michael Pardee
Mailto:mpardee@xxxxxxxx <Mailto:mpardee@xxxxxxxx>
Email Confidentiality Notice: The information contained in this transmission
is confidential, proprietary or privileged and may be subject to protection
under the law, including the Health Insurance Portability and Accountability
Act (HIPAA). The message is intended for the sole use of the individual or
entity to whom it is addressed. If you are not the intended recipient, you
are notified that any use, distribution or copying of the message is
strictly prohibited and may subject you to criminal or civil penalties. If
you received this transmission in error, please contact the sender
immediately by replying to this email and delete the material from any
computer.
********************************************************
This weeks sponsor Emergent Online Thinssentials Utilities
Using the latest software, hardware, networking technologies, proven technical
expertise, proprietary software and best practices, EOL provides
custom-tailored solutions for each client?s mission and specific goals.
http://www.go-eol.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
