Forum Discussion

Echo4554's avatar
Echo4554
New Contributor
7 years ago

Admin Credentials Required

Hello, I am a sysadmin for an MSP. A few of our clients use software called eClinicalWorks. eClinicalWorks switched to logmein to remotely log into PC's and assist our clients. Well, now the clients are calling us every time they put in a ticket with ECW becasuse they cant remote into their PC without admin credientals. 

 

Users go to this site, which seems to be the same as logmein123.com and they get prompted for administrator creds while running the downloaded app. 

https://my.eclinicalworks.com/eCRM/jsp/meeting/joinMeeting.jsp

 

How can we provide access to all our users without giving them administrator or install rights? 

  • Anon3968's avatar
    Anon3968
    Active Contributor
    7 years ago

    I support many private medical practices. ECW made the right move to switch to LMIR over their previous VNC support. 

     

    As a sysadmin, you should be happy they need to put in admin credentials on a non-admin account. Don't let ECW talk you into making local users admins to circumvent this. If anything it should be two-factor authentication for admin access. 

    • Echo4554's avatar
      Echo4554
      New Contributor
      7 years ago

      Sorry, I dont follow. The users download a file from logmein123.com and then they get prompted for Admin Creds. I'm not sure where this 'Organization Tree' and 'Technician Group' settings are. Would these directions be given to eClinicalWorks?

      • sv5's avatar
        sv5
        GoTo Contributor
        7 years ago

        Hello Echo4554,

         

        Yes exactly. These settings can be found in the Rescue Administrator Center. That center is available for the administrators who manage their technicians under the paid Rescue account. I assume that you are IT admin on the end user/applet side not in the Technician(probably eClinicalWorks) side.

        If you are not responsible for the  Rescue Administrator settings, than this is not your cup of tea but the other company's administrator's.

        Regards,
        Sandor

  • AngryMSP's avatar
    AngryMSP
    New Contributor
    5 years ago

    Echo4554  I also work for an MSP that has a clinic that has a vendor that only insists in using LMI Rescue, which is completely fine, but we also have this problem of the remote connection asking for admin credentials to run. This is totally unnecessary as they will only make some configuration changes to the program settings which do not need admin credentials to perform. I also noticed that they ask for too many permissions, such as file transfer and being able to start and end a system process. I'm more worried about the former than the latter, but it  still irks me about the amount of permissions that this executable asks for. Is there any way for this vendor to make it so it doesn't ask for admin permissions (just work with the user session permissions of the current profile) and to make it so it only needs to RDP and maybe access the clipboard? 

    • AshC's avatar
      AshC
      Retired GoTo Contributor
      5 years ago

      I am sorry AngryMSP , for various security reasons we will probably never drop the admin permission requests. 

      • AngryMSP's avatar
        AngryMSP
        New Contributor
        5 years ago

        Can you provide me with some documentation or a link to some docs that explain why this executable has to inherit admin permissions to work? And why there isn't a liter version of the client that  can run without said permissions, like with other RATs?

         

        I also would like to know if an LMI Rescue admin (in this case, the 3rd party vendor) can edit the permissions that this executable asks for when starting a remote session. This would be file transfer, running scripts, etc. Thanks for your help!

  • WallaceAustin's avatar
    WallaceAustin
    New Member
    4 years ago

    We have been using LMI Rescue for a while and have found it very useful.  Currently we have our users go to logmein123 and enter a code.  They then download the file to start the connection.  The problem we often have is they are running this on our corporate owned devices and are not admins.  I know there's a way to enter creds and start as a system service to get around this.  I'm wonder if there is a way to preinstall something (or configure a service) so they can just enter the code on the site and connect?   I can't use unattended access because our user will never go for us being able to remote to their machines without them initiating it.  Any ideas?