Strategy for machines for employees at a small business

windows remote-desktop vpn deployment

Solution 1:

Remote desktop over VPN for everything risks being a truly terrible experience. Input lag. Slightly more difficult to support multiple monitor setups. Video or audio calls over IP possibly being complete garbage. Internet downtime means no work done, due to no local files or web browser available.

Delete the desktops. Buy decent laptops, and spares. Share the same models of laptop for both in and out of the office use cases.

Get tools to manage and secure devices. Which should be done in either scenario, which makes your argument that remoting into desktops is more secure not very compelling.

Issue hardware tokens for multi factor auth. Disk encryption. Force password change on loss. Remote wipe. Remote support procedures to fix or replace machines. Possibly outsource fixing hardware, to a vendor that does on site repairs or fast ship of replacement.

Related

sed linux replace complex link
What's your opinion (based on your experience with) Sandbox apps to isolate Windows programs?
How to connect to a remote server using "net use" with different port other than 445
Apache Rewrite Whirlwind
error getting ClusterInformation - Forbidden
IIS Reverse Proxy Fails without Trailing Slash
Installed xinetd, started it but said 'removing' on several services including one I configured in /etc/xinetd.d/
If-Modified-Since vs. If-None-Match
What are some behaviors/patterns that indicate that a host is degrading?
How to use expect command with .run program in replace for yes command
Dnsmasq not giving out second DNS
how to install old versions of FreeBSD? (FreeBSD 12.2p4)