Hello, I am a sysadmin for an MSP. A few of our clients use software called eClinicalWorks. eClinicalWorks switched to logmein to remotely log into PC's and assist our clients. Well, now the clients are calling us every time they put in a ticket with ECW becasuse they cant remote into their PC without admin credientals.
Users go to this site, which seems to be the same as logmein123.com and they get prompted for administrator creds while running the downloaded app.
How can we provide access to all our users without giving them administrator or install rights?
Hi @Echo4554 Have you checked this Authentication setting for Rescue techs?
Sorry, I dont follow. The users download a file from logmein123.com and then they get prompted for Admin Creds. I'm not sure where this 'Organization Tree' and 'Technician Group' settings are. Would these directions be given to eClinicalWorks?
Yes exactly. These settings can be found in the Rescue Administrator Center. That center is available for the administrators who manage their technicians under the paid Rescue account. I assume that you are IT admin on the end user/applet side not in the Technician(probably eClinicalWorks) side.
If you are not responsible for the Rescue Administrator settings, than this is not your cup of tea but the other company's administrator's.
I support many private medical practices. ECW made the right move to switch to LMIR over their previous VNC support.
As a sysadmin, you should be happy they need to put in admin credentials on a non-admin account. Don't let ECW talk you into making local users admins to circumvent this. If anything it should be two-factor authentication for admin access.
@Echo4554 I also work for an MSP that has a clinic that has a vendor that only insists in using LMI Rescue, which is completely fine, but we also have this problem of the remote connection asking for admin credentials to run. This is totally unnecessary as they will only make some configuration changes to the program settings which do not need admin credentials to perform. I also noticed that they ask for too many permissions, such as file transfer and being able to start and end a system process. I'm more worried about the former than the latter, but it still irks me about the amount of permissions that this executable asks for. Is there any way for this vendor to make it so it doesn't ask for admin permissions (just work with the user session permissions of the current profile) and to make it so it only needs to RDP and maybe access the clipboard?
I am sorry @AngryMSP , for various security reasons we will probably never drop the admin permission requests.
Can you provide me with some documentation or a link to some docs that explain why this executable has to inherit admin permissions to work? And why there isn't a liter version of the client that can run without said permissions, like with other RATs?
I also would like to know if an LMI Rescue admin (in this case, the 3rd party vendor) can edit the permissions that this executable asks for when starting a remote session. This would be file transfer, running scripts, etc. Thanks for your help!
We have been using LMI Rescue for a while and have found it very useful. Currently we have our users go to logmein123 and enter a code. They then download the file to start the connection. The problem we often have is they are running this on our corporate owned devices and are not admins. I know there's a way to enter creds and start as a system service to get around this. I'm wonder if there is a way to preinstall something (or configure a service) so they can just enter the code on the site and connect? I can't use unattended access because our user will never go for us being able to remote to their machines without them initiating it. Any ideas?
@WallaceAustin The only other option we offer without admin credentials needed for your clients is the Instant Chat functionality.