Amazing Charts User Board
Most Recent Posts
Up dating AC
by Bert
Practice Fusion Joins The Rest: Time To Start Paying
by JamesNT
E-Rx with Exostar, as Verizon will no longer support Controlled E-Rx
by Bert
10:53 PM
Reports and searching addendums
by EyeGuy
09:35 PM
AC becomes unresponsive
by koby
07:04 PM
MIPS/MACRA attestation
by SoCalFP
08:01 AM
Preventing Scheduling with a Physician who doesn't take insurance
by Wendell365
02/23/18 11:24 PM
User preferences
by Tomastoria
02/23/18 12:43 AM
Free Up Space
by koby
02/22/18 10:01 PM
AC in the cloud vs. server based
by jimmie
02/22/18 06:07 AM
Archiving old patients from AC data base
by JamesNT
02/21/18 05:14 PM
Printing growths charts
by Boondoc
02/21/18 12:28 AM
MACRA/MIPS requirements for 2018
by Tiffany
02/20/18 04:15 PM
AC access slow, aka server is slow
by Bert
02/19/18 03:26 AM
Labs and Diagnostics.
by Dru
02/18/18 07:15 PM
Topic Options
#71999 - 11/22/17 08:16 PM how to disable chrome browser extensions, windows server domain
beagle Offline
Member

Registered: 09/07/10
Posts: 136
Trying to close security holes.

Running Windows 2012 r2 server. Workstations use Chrome browser. Staff inadvertently installs chrome browser extensions including shady redirecting ones. They do not have admin privileges.

How do I disable adding chrome extensions beyond the ones I choose? Group policy possible?
_________________________
Larry
Solo IM
Midwest

Top
#72000 - 11/23/17 12:21 AM Re: how to disable chrome browser extensions, windows server domain [Re: beagle]
JamesNT Offline
Member

Registered: 12/30/09
Posts: 984
Loc: North Carolina
_________________________
James Summerlin
My personal site: http://www.dataintegrationsolutions.net

Top
#72001 - 11/23/17 06:12 PM Re: how to disable chrome browser extensions, windows server domain [Re: beagle]
beagle Offline
Member

Registered: 09/07/10
Posts: 136
thanks i'll try it and report back!

knew i could count on the experts here.

i also bought chromebooks for the employees, all personal websurfing and email to be on those not the workstations. they are on the my office network, thoughts?
_________________________
Larry
Solo IM
Midwest

Top
#72002 - 11/24/17 01:05 AM Re: how to disable chrome browser extensions, windows server domain [Re: beagle]
Bert Online   sick
Admin

Registered: 09/27/03
Posts: 11333
Loc: Brewer, Maine
Hi Larry,

A few thoughts. First, wow. Good for you. Many on here, and I understand will say do not let employees play with email and web surfing at all, but you do, so let's go with that.

I don't know if you are talking wireless or wired, but either way, I like this idea the best. Personally, I would make sure it is a COMPLETELY different network with a completely different subnet. Absolutely no way of someone hacking in. So, I am sure you have a modem connected to a router connected to a switch which supplies all of clients and server with connection to the network and Internet, etc.

You can get a small Netgear switch and connect the modem to that switch. Now run an Ethernet cable to your network router. You now have the same network you started with. Take another Ethernet patch cable, run it from the small switch to a router, which is going to be the router/firewall for the isolated network. You can connect that to a different switch to the Chromebooks or you can connect to one of the patch panels that runs to an Ethernet jack of your office, which could be wireless.

Yes, you could do a similar thing with a VLAN on your switch, separating the two. I just do it this way, because there is absolutely no way to get into my network this way.

One idea I will throw at you. I used to block the Internet with some very good software. I haven't lately. I use it for discipline, shutting it down for two days. No cell phones are allowed. I don't allow Facebook at all except lunch, and I do NOT allow personal email, mainly web mail such as Gmail.

I allow the use of personal email on Outlook ONLY. Only one employee abused it. The reason I do it this way is because my Exchange is set up for email accounts for each user. There is also an archive account, which gets a copy of any email going out/in or most importantly, between users in the office. The employees know, and it is written down, that the computers are the office's and all email belongs to the office and can be subject to inspection at any time. I don't look at it, but I can. I got burned once by an employee and a bogus harassment suit. One other employee tried to do the same, and there were quite a few emails from her to other employees and to friends about lying about it. Any deleted emails, besides being backed up, are always in the archives. They don't know that. Plus, while maybe not yet, many businesses such as banks, etc. are required by law to have backups of all emails. Having the archives set up is helpful. Just a thought.

The other thought is that with Exchange and using Outlook, all email is encrypted and at least going out, but all email in the office is HIPAA compliant, because it only runs over the network. Do you think that employees may write stuff about patients and then take them home or it be less secure?
_________________________
Bert
Pediatrics
Brewer, ME

Top
#72025 - 11/27/17 03:14 AM Re: how to disable chrome browser extensions, windows server domain [Re: beagle]
Tomastoria Offline
Member

Registered: 03/28/11
Posts: 619
Loc: Astoria OR
We gave up on the ADSL from QWEST, and switched to Charter -- generally much better, but it has its own problems.
Kept QWEST as a backup, but now we use it for the employees and public browsing. Absolutely no connection to the office LAN.
_________________________
Tom Duncan
Family Practice
Astoria OR

Top
#72035 - 11/28/17 10:26 PM Re: how to disable chrome browser extensions, windows server domain [Re: beagle]
Indy Offline
Member

Registered: 06/23/09
Posts: 1744
Loc: Western US
Originally Posted By: beagle
thanks i'll try it and report back!

knew i could count on the experts here.

i also bought chromebooks for the employees, all personal websurfing and email to be on those not the workstations. they are on the my office network, thoughts?


what is optimal is to split the network at the provider device, e.g. cable-modem with a switch as Bert suggested.

a separate wifi router for staff personal use, patient use, along with activate hours (only usable during office hours) keeps folks from "riding" the public network off-hours. This model has worked well for the practices we have implemented.
_________________________
Indy
"Boss"

Indy's Blog

www.BestForYourPractice.com
Our Name is Our Creed

Top

Moderator:  Indy, JBS, Sandeep 
Shout Box

Who's Online
0 registered (), 2 Guests and 42 Spiders online.
Key: Admin, Global Mod, Mod
Top Posters
Bert 11333
JBS 2513
Sandeep 2210
Wendell365 2196
ryanjo 2005
Leslie 2002
Wayne 1889
Indy 1744
Steven 1718
hockeyref 1673
Newest Members
taz, Cronus, DanARS, lajohnston, JessieARS
4444 Registered Users
Forum Stats
4444 Members
16 Forums
7911 Topics
71115 Posts

Max Online: 186 @ 11/25/17 05:44 AM