Connect
Ask Community
Ask the community
Ask Community
  • Home
  • ChromeOS
  • Locking down remote support for library kiosks

Locking down remote support for library kiosksSolved

Profile photo of eliiza
eliiza
Participant
Discussion
Hexnode UEM
2 months ago

Hey guys, we set up chromebooks in our campus library for quick student access, running as Managed guest sessions. We need IT to be able to remote in instantly for support, but I need to block the guest user from somehow sharing their screen with their buddy’s personal laptop. I’m using hexnode. Is there a way to achieve that?

topic view count 19 Views

Tags

ChromeOS (16) Remote Access (25)
Reply

Replies (4)

Marked SolutionPending Review
Profile photo of edenpierce Hexnode Expert image
edenpierce
Hexnode Expert
2 months ago
Marked SolutionPending Review

Hey @eliiza,

Thank you for reaching out to us.
Hexnode does offers a wide range of settings in the Remote access policy under managed guest session that could help in your case. The key is controlling who connects. You need to set the domain for both sides, host and client:

  • Remote access clients: Put in your school’s domain. Only your IT staff with that email can start the remote session.
  • Remote access hosts: Put the same domain here. This is what prevents the guest user from using the kiosk to try and share its screen with any outside account.

This dual configuration provides the basic security lockdown you require.
Let me know if you have any other queries or need further assistance.

Cheers,
Eden Pierce
Hexnode UEM

Marked SolutionPending Review
Profile photo of eliiza Novice image
eliiza
Participant
2 months ago
Marked SolutionPending Review

Great, that’s very helpful thanks!

I actually have another question: Since student sessions are anonymous, we enforce a strict “no data transfer” rule during any support session. Is there a simple setting in this same policy or elsewhere in hexnode that prevents our IT staff from accidentally copying large files or sensitive clipboard data from the kiosk during a remote fix? We want to avoid any slip-ups that could lead to a data leak.

Marked SolutionPending Review
Profile photo of edenpierce Hexnode Expert image
edenpierce
Hexnode Expert
2 months ago
Marked SolutionPending Review

Hey @eliiza,

For your particular use case, you should check out the setting called Clipboard synchronization that you can configure within the same Remote access policy.

Just check that box and set a small limit like 1024 bytes. That size allows copying only short text (such as an error code or URL), but blocks large text blocks, documents, or files from being accidentally or maliciously transferred between the client (IT’s computer) and the host (the kiosk). It’s a simple but effective safeguard.

It’s a simple, yet highly effective safeguard against unwanted data transfer.

Please don’t hesitate to reach out if you require further assistance.

Best regards,
Eden Pierce
Hexnode UEM

Marked SolutionPending Review
Profile photo of eliiza Novice image
eliiza
Participant
1 month ago
Marked SolutionPending Review

Perfect. Just restrict the domain for remote access and limit clipboard size for data safety. That covers everything I needed, thanks a ton! 

Load more
Save
Related Topics

Leaderboard

Profile photo of bram Pro image
bram
1430 pts
Profile photo of timo-liam Veteran image
timo-liam
805 pts
Profile photo of wilma Veteran image
wilma
805 pts
Profile photo of raelynn Veteran image
raelynn
720 pts
Profile photo of remi Veteran image
remi
670 pts
View all

Popular Tags

ABM (35)
Android (348)
iOS (296)
macOS (376)
Windows (244)
Apple TV (27)
App Management (294)
Enrollment (68)
Location (22)
Kiosk (167)
Scripts (78)
DEP (37)
OS Updates (67)
Android Enterprise (84)
View all