Amazing Charts User Board
Most Recent Posts
Up To Date issue
by jimmie
Today at 01:03 AM
Tampa Concierge Practice Seeking New Doc
by GatorDoc
Yesterday at 03:19 PM
Automated Vital Signs
by Indy
Yesterday at 01:22 PM
If you read nothing else about MIPS/MACRA please read this
by JBS
12/08/17 08:41 PM
Quality Payment Program Year 2: MIPS Highlights
by Boondoc
12/07/17 05:33 PM
Texting patients and doctors
by Boondoc
12/07/17 05:30 PM
Place a watermark on plain paper
by Tomastoria
12/07/17 01:52 PM
Philips SpeechAir smart voice recorder
by DoctorMel
12/05/17 08:16 PM
HP is installing a telemetry client - has your HP slowed down?
by Indy
12/04/17 05:46 PM
[Deal] Canon MF414dw $169
by Sandeep
12/01/17 09:15 AM
An added feature under Harris
by Bert
11/30/17 06:29 PM
Good deal on Revo Uninstaller
by Wendell365
11/29/17 04:39 AM
how to disable chrome browser extensions, windows server domain
by Indy
11/28/17 10:26 PM
not sending Rx's to printer
by Wendell365
11/26/17 05:37 PM
Censorship
by Bert
11/24/17 01:38 AM
Topic Options
#71999 - 11/22/17 08:16 PM how to disable chrome browser extensions, windows server domain
beagle Offline
Member

Registered: 09/07/10
Posts: 131
Trying to close security holes.

Running Windows 2012 r2 server. Workstations use Chrome browser. Staff inadvertently installs chrome browser extensions including shady redirecting ones. They do not have admin privileges.

How do I disable adding chrome extensions beyond the ones I choose? Group policy possible?
_________________________
Larry
Solo IM
Midwest

Top
#72000 - 11/23/17 12:21 AM Re: how to disable chrome browser extensions, windows server domain [Re: beagle]
JamesNT Offline
Member

Registered: 12/30/09
Posts: 958
Loc: North Carolina
_________________________
James Summerlin
My personal site: http://www.dataintegrationsolutions.net

Top
#72001 - 11/23/17 06:12 PM Re: how to disable chrome browser extensions, windows server domain [Re: beagle]
beagle Offline
Member

Registered: 09/07/10
Posts: 131
thanks i'll try it and report back!

knew i could count on the experts here.

i also bought chromebooks for the employees, all personal websurfing and email to be on those not the workstations. they are on the my office network, thoughts?
_________________________
Larry
Solo IM
Midwest

Top
#72002 - 11/24/17 01:05 AM Re: how to disable chrome browser extensions, windows server domain [Re: beagle]
Bert Offline
Admin

Registered: 09/27/03
Posts: 11219
Loc: Brewer, Maine
Hi Larry,

A few thoughts. First, wow. Good for you. Many on here, and I understand will say do not let employees play with email and web surfing at all, but you do, so let's go with that.

I don't know if you are talking wireless or wired, but either way, I like this idea the best. Personally, I would make sure it is a COMPLETELY different network with a completely different subnet. Absolutely no way of someone hacking in. So, I am sure you have a modem connected to a router connected to a switch which supplies all of clients and server with connection to the network and Internet, etc.

You can get a small Netgear switch and connect the modem to that switch. Now run an Ethernet cable to your network router. You now have the same network you started with. Take another Ethernet patch cable, run it from the small switch to a router, which is going to be the router/firewall for the isolated network. You can connect that to a different switch to the Chromebooks or you can connect to one of the patch panels that runs to an Ethernet jack of your office, which could be wireless.

Yes, you could do a similar thing with a VLAN on your switch, separating the two. I just do it this way, because there is absolutely no way to get into my network this way.

One idea I will throw at you. I used to block the Internet with some very good software. I haven't lately. I use it for discipline, shutting it down for two days. No cell phones are allowed. I don't allow Facebook at all except lunch, and I do NOT allow personal email, mainly web mail such as Gmail.

I allow the use of personal email on Outlook ONLY. Only one employee abused it. The reason I do it this way is because my Exchange is set up for email accounts for each user. There is also an archive account, which gets a copy of any email going out/in or most importantly, between users in the office. The employees know, and it is written down, that the computers are the office's and all email belongs to the office and can be subject to inspection at any time. I don't look at it, but I can. I got burned once by an employee and a bogus harassment suit. One other employee tried to do the same, and there were quite a few emails from her to other employees and to friends about lying about it. Any deleted emails, besides being backed up, are always in the archives. They don't know that. Plus, while maybe not yet, many businesses such as banks, etc. are required by law to have backups of all emails. Having the archives set up is helpful. Just a thought.

The other thought is that with Exchange and using Outlook, all email is encrypted and at least going out, but all email in the office is HIPAA compliant, because it only runs over the network. Do you think that employees may write stuff about patients and then take them home or it be less secure?
_________________________
Bert
Pediatrics
Brewer, ME

Top
#72025 - 11/27/17 03:14 AM Re: how to disable chrome browser extensions, windows server domain [Re: beagle]
Tomastoria Offline
Member

Registered: 03/28/11
Posts: 597
Loc: Astoria OR
We gave up on the ADSL from QWEST, and switched to Charter -- generally much better, but it has its own problems.
Kept QWEST as a backup, but now we use it for the employees and public browsing. Absolutely no connection to the office LAN.
_________________________
Tom Duncan
Family Practice
Astoria OR

Top
#72035 - 11/28/17 10:26 PM Re: how to disable chrome browser extensions, windows server domain [Re: beagle]
Indy Offline
Member

Registered: 06/23/09
Posts: 1717
Loc: Western US
Originally Posted By: beagle
thanks i'll try it and report back!

knew i could count on the experts here.

i also bought chromebooks for the employees, all personal websurfing and email to be on those not the workstations. they are on the my office network, thoughts?


what is optimal is to split the network at the provider device, e.g. cable-modem with a switch as Bert suggested.

a separate wifi router for staff personal use, patient use, along with activate hours (only usable during office hours) keeps folks from "riding" the public network off-hours. This model has worked well for the practices we have implemented.
_________________________
Indy
"Boss"

Indy's Blog

www.BestForYourPractice.com
Our Name is Our Creed

Top

Moderator:  Indy, JBS, Sandeep 
Shout Box

Who's Online
0 registered (), 6 Guests and 14 Spiders online.
Key: Admin, Global Mod, Mod
Top Posters
Bert 11219
JBS 2489
Sandeep 2198
Wendell365 2190
Leslie 2002
ryanjo 1997
Wayne 1889
Steven 1718
Indy 1717
hockeyref 1669
Newest Members
Dru, Daniel Negreiros, Dr Goodluck, lisablue, ykemulake
4415 Registered Users
Forum Stats
4415 Members
16 Forums
7854 Topics
70632 Posts

Max Online: 186 @ 11/25/17 05:44 AM