If you truly want to block the use of go to my pc, I would suggest approaching this from the standpoint of other users. You don't want someone in accounting who just got fired to be able to go home and utilize gotomypc. Therefore the gotomypc site would need to be blocked at the proxy level to ensure the security of the organization. Perhaps you can also look into some industry regulations about requirements of privacy, I am grasping at straws here, but talk to legal about what your role in HIPAA or Sarbanes Oxley might be. I haven't read the specifications, but see if there is something in one of the many regulatory compliance laws that you can leverage to your benefit.
Then I would setup a demo of the builtin rdp client on windows xp. You can access it by typing mstsc at the command line with no additional software if you are running windows xp. The only software install issue is if you want to use the cisco ipsec client as opposed to the builtin pptp client for accessing the network over vpn. Of course, if your managers are running something other than windows xp the rdp client will have to be installed. You could build packages for both rdp and cisco so that a single msi will install both packages preconfigured to your specifications. Consider that if your boss really wants this done, all your efforts to buck his decision could be a CLM. I would recommend against exposing each individual pc to the internet via iis and the remotedesktop activex component, but that is just me. > From: "Kern, Tom" <[EMAIL PROTECTED]> > Reply-To: <[EMAIL PROTECTED]> > Date: Tue, 25 May 2004 11:01:42 -0400 > To: <[EMAIL PROTECTED]> > Subject: RE: [ActiveDir] go to my pc, revisted > > 1. where? mostly from home, though i'm sure some will from hotels as well. > > 2.win2k/xp. > > 3.we have a cisco vpn concentrator > > 4.there's a desire to have them access their machines without any client > software install or config. > minimal involvment on their part is the attraction. > > thanks > > -----Original Message----- > From: Brent Westmoreland [mailto:[EMAIL PROTECTED] > Sent: Tuesday, May 25, 2004 10:10 AM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] go to my pc, revisted > > > Couple of questions Tom. > > Where do the managers want to access their PCs from? > > What is your operating systems base? Are all of your managers machines > windows xp? > > Do you have vpn enabled at your site? > > Is there a requirement that they be able to access the machines via a web > interface? > > >> From: "Kern, Tom" <[EMAIL PROTECTED]> >> Reply-To: <[EMAIL PROTECTED]> >> Date: Tue, 25 May 2004 09:16:30 -0400 >> To: <[EMAIL PROTECTED]> >> Subject: [ActiveDir] go to my pc, revisted >> >> i've posted before about this issue. a recap- my cio wants to give himself >> and >> some mangers access to their office pc's via Go To My PC. the attraction is >> no >> client to install and configure ala vpn or terminal services. >> i'm trying to push remote desktop web services but he's not bitting. he feels >> installing IIS and configuring it on the target pc is just as much of a >> headache( i counter that thats why you have a salaried IT staff and thats the >> price you pay for complete control). also, he thinks IIS has had a history of >> vulnerablities whereas Go To My PC has had none so far and is relaible. >> >> >> also, on my side, don't i have to then set up Port address translation on my >> firewall/router for this to work? the client would have to connect via ip or >> i >> have to make a dns entry on my public dns server for everyone who wants to >> connect to their office? i don't see that as a good idea ethier. >> i guess i'm looking for some more info on go to my pc and how it really works >> and why its a really bad idea(documentation or techincal reasons) and why >> jumping thru hoops to get remote desktop web is really worht it in >> comparison(disregarding vpn for the moment). >> and finally, someone has stated on this list that the target pc can only run >> on winxp but i see the activex control download for win2k and nt as well. >> >> Thanks and i apologize for bringing this up again, but i really HATE the idea >> of Go To My Pc and outsourcing my security to some third party. I just need >> some more ammo for my argument. >> List info : http://www.activedir.org/mail_list.htm >> List FAQ : http://www.activedir.org/list_faq.htm >> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > Sent using the Microsoft Entourage 2004 for Mac Test Drive. > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Sent using the Microsoft Entourage 2004 for Mac Test Drive. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
