Do you allow users to access their work computers from home using Teamviewer or AnyDesk? instead of VPN?
Teamviewer is Banned in my ORG.
No. We don’t even allow vendors to use them to manage their stuff.
Nope. Never.
Computer will not get traffic until it’s connected to VPN.
Teamviewer has been blocked on our PC for several years after some vulnerability / compromise was reported.
Vendors can access network via Vware VMs if they don’t have a company provided machine.
Teamviewer takes only a few days to realise it’s being used in a commercial context, then you’re stuffed.
Correct solution is VPN, then RDP to Desktops given IP Reservations, with RDP allowed on local firewalls.
You’re asking if people allow 3rd party non-auditable backdoors directly into their networks?
You might be able to do that for 1 or 2 people at a small office of a dozen or so, but anything bigger or more serious than that you should knock that crap off.
No. VPN, VDI, or you’re out of luck. Even BYOD email access is only with approval and in a MDM sandbox.
We use RDS Gateway and/or DirectAccess. If you are paying for Teamviewer it would work but I think it gets expensive quick.
RDP over VPN for company issued devices, TeamViewer for personal devices. We audit the TeamViewer connections regularly and rely on user education for security best practices.
If you don’t want to use VPN, you could look at something like SecureLink. We use it for outside support staff and contractors etc.
Ditched TeamViewer over pricing and security issues.
I use Remote Utilities instead - has its issues but I can host the entire thing end to end myself which I like, and their pricing model is pretty nice. The quick support app is really helpful as well.
I wouldn’t replace a VPN with it, but it’s great for support and if you had to I guess you could.
TeamViewer requires a license in a corporate environment…
Can you do RDP via VPN using the name of the machine and not the ip adress?
I can’t seem to make it work with the computer name. but the IP adress is fine.
You need to setup DNS Suffix matching on your VPN.
You can, but you have to use FQDN, not just the pc name. I believe your vpn client also needs to provide the domain dns to the offsite client pc.
We got this working smooth for staff on windows pc at home, but our Mac folks are using IP addresses.
No, only via IP.
Remember, a VPN attaches you to the network, it’s not a NETLOGON, so there is no DNS capability.
What I’ve found the syntax should be in the RDP:
PC_NAME.DOMAIN.DOMAIN_EXTENSION
I’m surely not right because that doesn,t work ahahaha
This is wrong on quite a few levels.
DNS is 100% possible via VPN.
You may need to use FQDN to reach the desktop if you have split tunneling enabled, otherwise all DNS requests will just goto the DNS Server and be resolved. Otherwise you set a default DNS suffix on your VPN connection and your done.
Reserving IPs for workstations is just wrong.
Ok, so I will start implanting some fixed IP I guess. Thanks for your answer!