Secure User Profiles
When you use your computer all day, you appreciate being able to customize the settings to suit the way you like to work. In the Windows operating system, many registry and system attributes are stored in a user profile, which allows the computer to remember such items as the image file for your background wallpaper, the notification sound to play when you get an email, and when to run your antivirus scan. At subsequent logons, the system loads the user profile and restores the settings.
Trouble happens when a user chooses to turn off antivirus just because they don’t like the performance slowdown during a full disk scan. Before you know it, IT management priorities are being overridden for users’ convenience. Removal of these security settings can lead to malware infections or even serious data breaches.
To overcome the conflict of priorities, Windows allows some profile settings to be set by an administrator and locked so they cannot be changed by a user. Furthermore, the settings can be assigned as a standard to a whole group of users by using the Security Group features of Active Directory.
In this way it is possible to create and apply tiers of access in order to have differences in permissions between the following: IT Administrator / Executive / Team Lead / General user / Contractor.
Just Fix IT can guide you through applying centrally managed Windows user profiles and using our proprietary JFx HealthCheck monitoring and support tool to deploy updates behind the scenes.
- Restricting the use of Administrator access, to reduce the impact in the event of a hacker gaining unauthorized access.
- Automatically requiring login passwords to be refreshed every 60 days and to be a minimum of 12 characters long.
- Restricting who can load new software, to keep license counts compliant and to reduce the risk of malware.
- Limiting which users have write access to external flash drives.
- Preventing the deletion of IT support tools and security apps (license files, antivirus, etc.).
- Applying software patches and upgrades automatically as they become available from the producer.
- Providing different Wi-Fi access for guests/visitors and office users.
- Adding a standard company signature/disclaimer to the bottom of outgoing company emails to improve branding and to help users identify fake phishing emails.
- Adding all the network printer links and software drivers centrally instead of by device.
- Preventing the corporate background image on a kiosk computer from being changed.
- Giving all new users a set list of software shortcuts on their desktop to reach standard company software packages.
- Locking down end-user desktops so they can’t be changed – See also [JFx Zero IT Lean Desktop]
One of our Wealth Management customers chose to engage Just Fix IT to evaluate the adoption of a new instant messaging tool for their staff. The more innovative employees were calling for video conferencing features and chat to improve communications when working remotely. The company Privacy & Compliance officer also voiced the need for safeguards to be in place for PIPEDA and PCI compliance. The Microsoft Teams service was selected as a flexible product that was easy to use but could be centrally managed with Group Policies.
By setting clear expectations (and code of conduct policies) around the use of video, and restricting how private customer data was used across platforms, the right balance was set between usability and security. Group permissions were set to allow recordings only on certain devices, and to restrict the copying of data to external flash drives. By working systematically through the requirements with an eye to security, the customer was able to apply often-overlooked settings relating to the retention period of data, create responsible parameters for external users who join meetings, and confirm whether the data was kept in cloud storage in-country.
Just Fix IT can help you standardize your user experience with Remote Desktop Services:
Imagine the end-user who can leverage the power of a server’s multi-core CPUs to run their office applications. Remote Desktop Services (RDS), previously known as Terminal Services, is a component of Microsoft Windows. It gives a desktop user remote control of a virtual session running on a workstation or server over a network connection. When the virtualized platform runs on a server, the user benefits from the more powerful resources, and the version of the app can be standardized across all users. At the user’s end, the local device can focus on delivering the screen refresh and passing along the commands and input from the controls.
Just Fix IT have mastered the deployment of the Remote Desktop service to allow users to work entirely from the private cloud when accessing company data and apps. We handle the licensing, the server resources and work with your CRM/ERP provider to move the user’s Windows desktop into a virtual session running on the JFx Managed Server.
- The Private Cloud server hardware is fully redundant, virtualized across multiple datacenters with multiple internet gateways.
- The server files are partitioned inside the Remote Desktop session and remain on the server, so the end-user could even run on a personal home computer without exposing data to the local machine hard drive. When the session terminates, there is no corporate data left behind.
- Just Fix IT deploys central RDS Gateways to provide customers with another layer of defense from internet prowlers who go around looking for open RDS connections on workstations and servers.
- User management is powered by Active Directory (AD) via Azure or can be customer-provided. For greater protection, Just Fix IT RDS can be deployed with a two-factor authentication solution.
The Security Group features in AD allow easy deployment of Windows settings into user policies that align with your privacy and security goals.
Talk to us about easy ways to apply user policies to standardize your IT environment.
Talk with a Professional
Don’t hesitate to reach out and contact us directly. One of our team members will be happy to get back to you and start working with you to find the right solution for your company.