Remote fleet support and management?

I have a set of laptops that I would like to have remote access to, largely so I can handle support requests for offsite/remote-site tech support. So what I think I am looking for is remote management software.

I have found Quasar, and while the software has the potential to be used for great evil, cisa.gov has labelled the software as legit, and in my sandbox it doesn’t appear to be malicious.

Has anyone used this software or know of any issues?

Quasar, I believe, is similar to tools from Faronics and Kaseya. They really are designed for LAN use, and while they can be made to work across the internet, there are more cautions and caveats to keep in mind.

You may look into things like Guacamole (https://guacamole.apache.org/), open source and free, or Bomgar (now BeyondTrust Remote Support), neither open source nor free, but very good.

If your clients are always connected via VPN to some sort of AD domain, you could just use the built-in MSRA and RDP; with that combination you have the exact same end result as third-party remote management utilities.


I would love to get AD and a VPN set up. I’m partial to WireGuard, but I have yet to get it configured properly. I’m sure I can find some sort of guide on the site here.


Does your company own the machines? … or are they BYOD?

Asking because…

a) if your company owns the machines, then
… setting up AD would allow domain user accounts to have local admin privileges on the machines which would allow you to enforce things like updates, and ensure various security settings are set reasonably, which would make access to any shared resources safer.

b) if on the other hand,
… the machines are BYOD, it’s important for people to understand that folks such as yourself would have permissions to “snoop around” and do stuff with their machine in order to protect shared work resources, and maybe they won’t exactly be able to do everything with their computer that they used to.
Practically this means they can only use their computer for basic stuff, email/Netflix/whatever…

But installing software, especially games (because of crashy, sucky DRM), pirated software, doing anything potentially controversial… maybe they’d better not do that on a BYOD work computer.


There are also CAL costs to consider (a truly genius idea from Microsoft): basically, as soon as any of the Windows computers accesses any Microsoft server product (AD/DNS/SQL Server or whatever), you need this awkward license… if you stick to Samba and don’t use MS services you get to avoid the average $100/month fee.


BTW,

There’s also https://remotedesktop.google.com … which is far from perfect but there’s nothing to install and doesn’t rely on AD (which you don’t have yet).

Also, various VPN, mTLS, single sign on solutions are also regularly mentioned on these forums … I mention it because it seems to be the direction you’re going in.

The company owns the machines, but most are not running Windows Pro licenses, so no AD as of now.

I inherited a mess and want to make my job easier over time; just got a lot of whack-a-mole to play until that happens, it seems.

I’m guessing you have somewhere between 10 and 50 machines to take care of?


That would be correct.

If you’re not already running on-prem AD (and you aren’t, with non-Pro Windows clients), you may want to consider “modern” device management.

I haven’t done it, but if you’re on Windows 10/11 and have an AzureAD tenant (and relevant license, blah blah), end users can enrol their devices to your organisation and then you can push policy/settings/etc., that way to a degree.

Microsoft endpoint management via endpoint.microsoft.com may be the ticket if you don’t have on-prem AD and domain joined clients.

That won’t get you Remote Desktop, but it will get you policy management. If your org is running a 365 tenant already, this is the way I’d go.

Are you running Office 365 across your users/fleet?


(Price optimizations? $32/month for Microsoft 365 E3?)

I asked about the number of machines/clients to be able to “estimate” how much on site scripting/hacking development is worth vs. just paying a vendor.

e.g. with a 5-person team dedicated to this, you could go 100% open source server side and forego any additional payment to MS, but having that full-time team costs between $500k-1500k/year in salaries and HR overhead + 100k-300k in hardware. You’d need them to produce a solution by yesterday in order to have a 3-year ROI… IMHO, not worth it for 50 machines.

If you had 500 machines, yeah - hire a team and maybe ditch MS if your 500 end user workload allows it, or maybe have them work on other stuff depending on whether you can use the devs efficiently in better ways.

Otherwise for 10 hosts, or even 50… meh, pay the tax.


BTW, once you have AD you can script the installation and configuration of any software, incl. any kind of free and open source VPN and remote desktop solutions; there’s plenty out there.


Obviously assuming the standards like TeamViewer, ConnectWise, etc are out of consideration due to cost, have you checked out https://www.itarian.com/? I think you can deploy just enough agents to keep it free… But Zedicus recommended Guacamole which could be a viable solution for many desktops and also open source!

Actually looked into Endpoint management with 365 and looks like they have a Remote Desktop style feature in preview. So you could Remote Desktop to the machines with no VPN etc. using this service.

Yeah, but if I was starting out again today I would not implement on-prem AD. Even with a hundred or more machines.

Once you do, you’re kinda committed to maintaining that on-prem environment and it makes things a lot more complex (syncing ad to azureAD, managing the AD schema for on-prem vs. cloud, etc.), Pro license of Windows for every endpoint, maintaining AD (which is a security nightmare now) etc. vs. just doing everything in 365.

I agree with you on the numbers vs. cost/strategy though.

Much as I dislike Microsoft, I’d LOVE to ditch the entire on-prem platform and go 100% 365, given we are in bed with Microsoft for various reasons anyway (due to things like PowerBI being a lot more cost competitive vs. other alternatives, various industry specific apps being tied to it, etc.)

I use MeshCentral and have been pretty happy with it.

No, I wouldn’t either; done it plenty of times before, back in the day when Azure AD was not an option. It’s definitely doable technically, but it’s a significant amount of work to keep up.

If it’s a medium/large org, e.g. 100/200 users and above, it might be worth considering some hybrid solution, in order to not have a bad day when some poor soul at Microsoft has a bad day and their cloud goes away for a few hours due to DNS issues (like we’ve seen before).

The hybrid of cloud + on-prem I’d be considering in this case would be something like Azure AD (cloud) + AWS or GCP Windows VM (“on-prem”).

The reason for “on-prem” being in a different cloud is that managing your own on-prem Windows hardware properly (backups + security + reliable power + fire systems + reliable networking across multiple ISPs for redundancy)… IMHO, it’s too much mechanical busy work, even if you can throw Windows Server into VMs and migrate it around a couple of run-of-the-mill Dell or Gigabyte machines, and even if you cut some corners when it comes to your server room… it’s still a lot to deal with for one person.

As an individual admin, I’d maybe consider a local, on-site, AD replica only if
a) there’s a lot of local windows machines or AD clients (e.g. 100+ in one building or in one network)
b) there’s enough resources in the company to support the maintenance

… and even then, I’d think hard re whether these caching DCs can be a pair of easy-to-throw-away, encrypted-root Linux boxes running Samba that are trivially rebuildable from Ansible or a docker-compose kind of setup. That way, in theory, if they die, you can just grab and repurpose the first PC you have lying around, or just show up with a third machine ready to go, and make up for it.


One thing that looks interesting but I (fortunately for me) did not have to look into before, and don’t have personal experience with, is JumpCloud and similar competitors. Them not being Microsoft might make them more open to integrations with various third parties that may be Microsoft competitors.