back to article Surge in home working highlights Microsoft licensing issue: If you are not on subscription, working remotely is a premium feature

Working from home and want to access your PC at work? The best solution may cost thousands in additional Microsoft licensing costs. In the scramble to migrate employees to home working, there are issues for businesses who normally have staff in an office working on desktop PCs, or accessing network file shares and intranet …

      1. katrinab Silver badge

        Re: The most simple way is not mentioned here?

        We connect by rdp to the server for everything except for three people that have banking software that uploads bacs submissions.

      2. Jou (Mxyzptlk) Bronze badge

        Re: The most simple way is not mentioned here?

        > If you have a corporate laptop, why bother with RDP to the desktop?

        File sizes, and therefore speed. Have you ever opened an 10MB+ file in Office, Autodesk, Indesign, Photoshop (name yours) or just an Access DB (latter just as an example) over VPN? It takes aeons to open, and you end up with corrupt files way too often. Or take more complex constructions like ADDSION software or SAGE... Woah...

        If you have to do a quick and secure solution, do it my way. If you have enough time to design for this, like pumping up the office internet connection, you can choose other ways.

        And if you know BT, they are just like the German Telekom on that behalf: May take 6+ Month to get a bigger line.

      3. Farcycle

        Re: The most simple way is not mentioned here?

        Everything you need on the fileservers? - sure if you're just editing documents, how about the myriad of servers, networks and applications that many of us need to access daily that are blocked (quite rightly) over VPN access?

        If I use my company laptop from home I'm severely limited, RDP to that laptop sat on the company network from my home machine over VPN, which is definitely as secure as my work machine, and all functionality is available to me.

    1. bombastic bob Silver badge
      Devil

      Re: The most simple way is not mentioned here?

      RDP is interesting, if it's supported [it's likely a smaller business has HOME versions of windows, which don't allow remote-in].

      There is a VERY SIMPLE solution, however:

      a) VPN login to corporate network

      b) VNC server running on the desktop [you'll need to log in first and leave it logged in, turn off those annoying lock screens, etc.]

      BUT... if you run Linux or another POSIX operating system chances are you have OTHER things available, too, like ssh, "remote desktop" via the DISPLAY environment variable, and so on.

      VNC is probably the easiest (so long as you don't lose the login on the desktop)

      and when it comes to outright performance, remote X11 desktops are probably as good as (or maybe even better) than RDP...

      [I do not know if there's an open source RDP server out there for windows, but there MIGHT be one for POSIX systems...)

      It's also possible, on a POSIX system, to use something like 'Tiger VNC' to operate on its very own desktop. I do this a LOT to test X11 applicaitons. Run vncviewer on the main desktop, run the test applications on the tigervnc's X server with a different desktop (usually loalhost:1). There's really no reason you cannot have that secondary desktop running on a network-visible IP address, and then you just need to be able to VPN into the corporate network to access it.

      1. Jou (Mxyzptlk) Bronze badge

        Re: The most simple way is not mentioned here?

        > b) VNC server running on the desktop [you'll need to log in first and leave it logged in, turn off those annoying lock screens, etc.]

        Run it as a service. All those VNCs offer it, and work fine even if UAC is set to the highest level - which is the only correct level.

        But I prefer RDP when possible. Login is AD-Controlled (Single Sign On), and you can select which user can connect. Requires more work to do the same with VNC.

      2. phuzz Silver badge

        Re: The most simple way is not mentioned here?

        likely a smaller business has HOME versions of windows

        They're already breaking their license by doing that then. The Home version is specifically for non-commercial use. (Not that most small businesses care).

        Disabling RDP is one of the ways Microsoft differentiates Home vs Pro, to encourage you to buy the Pro version.

        1. Strahd Ivarius

          Re: The most simple way is not mentioned here?

          The distinction between Home, Pro, Enterprise, Education refers to features, not use.

          It is perfectly authorized to use a Home version for business use.

          1. jsa

            Re: The most simple way is not mentioned here?

            Yes, I believe it’s only Office where that’s a concern (I recall the Home & Student edition would even have a non-commercial use warning in the title bar at all times, to stop you forgetting)

    2. pstones578

      Re: The most simple way is not mentioned here?

      This will work but it is a clunky solution. In 2020 companies need to be better than this. I was doing this sort of thing over a decade ago.

    3. Anonymous Coward
      Anonymous Coward

      Re: The most simple way is not mentioned here?

      Not bad. Except if someone introduces a worm to the network that exploits an as yet undiscovered RDP bug or a variant of an existing one and your IT guys are on lockdown...you're fucked.

      I've put critical web based services behind a reverse proxy, (gitlab, SVN, etc) file sharing is now proxied through a Linux box (mounted SMB group shares symlinked inside SAMBA shared folders for each group) and that box is only accessible via VPN.

      Remote access to workstations is possible, but only on request if absolutely necessary.

      Email and conferencing is Office365/Teams as it has been for a while.

      Most importantly I have 3 encrypted off-site backups and a warm empty file server in the cloud if I need it, everything ready to go...just no data there until I restore it.

      Web services are already replicated to a warm set of DC servers for failover.

      All good. Everyone working just fine. Most issued with company laptops (at most 1 year old).

      Don't forget security and backups guys, you might not be able to get onsite if the shit hits the fan.

    4. Nitromoors

      Re: The most simple way is not mentioned here?

      That is a very poor solution. It requires the customer desktop to be up and running. not hung, rebooted or shutdown by accident. It's just about OK for a one of or a fudge for some small scale software issue such as a product that still need XP, but as a corporate business continuity strategy it should be a sacking offence.

  1. a_yank_lurker Silver badge

    Issue

    The issue is many organizations are not set up to have a large portion of their staff work remotely. Those that already were issued laptops with the appropriate software preinstalled so using a personal computer was not required (or often not allowed). I am not sure how using a home computer would affect the licensing, it is a rather messy issue. But if Slurp, et. al. wants to really anger potential ex-customers hammer companies over licensing during this time. It is not as if the customers are trying to violate their licenses. Also, I am not sure that many courts worldwide would look kindly on what many would view as a shakedown attempt to profit on the misery of others; not exactly a winning strategy. But Silly Valley is notorious for their collective tone-deafness.

    1. Doctor Syntax Silver badge

      Re: Issue

      "The issue is many organizations are not set up to have a large portion of their staff work remotely."

      So this will be an interesting learning experience for them.

      1. hoola Bronze badge

        Re: Issue

        If you have 20,000 employees then setting them all up to remote work is not a small or cheap task.

        Far too many on the Register comment as if 10 seats and a server with everyone an IT Expert are the norm.

        Anything is possible at a small scale when a very limited number of people are in control.

  2. Dan 55 Silver badge

    On the cheap

    TeamViewer on a non-commercial licence (cut off after 3 hours). That is the solution for my better half's remote access to her company computer.

    TV must have noticed a surge in non-commercial remote connections during office hours, I wonder when the push to get money out of that will happen.

    If that happens the company will probably tell her to switch to Webex or something. And her company is not short of a bob or two.

    1. cb7

      Re: On the cheap

      Google Chrome Remote Desktop also works a treat if you have the option

    2. damiandixon

      Re: On the cheap

      NoMachine... If you install was free last time I installed. Commercial is reasonable.

    3. John Brown (no body) Silver badge

      Re: On the cheap

      "And her company is not short of a bob or two."

      And yet they are cheaping out with the non-commercial, free, TeamViewer? Or is that WHY they are not short of a bob or two in the first place?

      1. Dan 55 Silver badge

        Re: On the cheap

        The company refused to pay for anything new (I guess that answers your question) so people started installing TeamViewer themselves to be able to work from home. I've done a deal with the devil and installed Chrome Remote Desktop as suggested above as a backup in case TeamViewer stops working.

        I also looked at M360 Remote Assistant but Mac-Windows isn't possible.

        Thanks for the suggestions all.

    4. Pen-y-gors Silver badge

      Re: On the cheap

      Teamviewer is quite neat, but has crazy licensing rules. They offer the free, non-commercial version - fine. But there is no option for 'light commercial' use. If you want commercial then it starts at £31.90/month! Crazy.

      1. Jou (Mxyzptlk) Bronze badge

        Re: On the cheap

        Try Anydesk. Which I use for my home administration of remote sites since Teamviewer pricing sucks.

  3. GlenP Silver badge

    Good Job...

    Good job I made sure we have enough CALs in place in advance then!

    Not having enough hardware is a more serous issue. We've just about managed to scrape together enough kit for our desktop users if/when it's needed (not everyone is working from home yet) but we've been caught out by headsets for VOIP and online meetings. Managed to get a few 3.5mm plug ones from Amazon (assuming they're not hijacked on the way) but no USB ones to be found.

  4. steamnut

    Licensing fever...

    I bet that our favourite database supplier will be keeping a close eye on accidental licence abuse. After all, they really need lots more users to "volunteer" to sign up to their cloudy systems.

    1. Anonymous Coward
      Anonymous Coward

      Re: Licensing fever...

      And this is why complex software licensing really is the work of the devil (one of his finest, it has to be said).

      Add on the hassles of horrible fiddly and unreliable licence servers, and all the registration and activation crapola that accompanies home use licences that make end users give up the will to live, and all these companies which make things far more complicated than it really should be just to buy and use their product are sitting there wondering why FOSS alternatives are often slowly eating their lunch...

  5. Teiwaz Silver badge

    Reminds me...

    Of that Monty Python sketchlet.

    "It's a living..."

  6. Cynic_999 Silver badge

    Microsoft doesn't make he only remote access software

    Apart from TeamViewer, there are several other applications providing remote access. I use VNC. This does not provide file transfers, which is arguably safer because any virus on the machine at one end cannot be unknowingly transferred to the other. When necessary, transferring a file can be done in several ways - email, uploading to a filesharing site, ftp etc. Works fine between Linux & Windows machines.

    1. Briantist69

      Re: Microsoft doesn't make he only remote access software

      - free MS RDC on Google play is really great on everything including Chromebook devices.

      - free MS RDC in Apple store works really well.

      The free Windows version - - does everything really well (as you might expect after 17 years of upgrade) including cut/paste of files to the desktop.

  7. Doctor Syntax Silver badge

    They'd better be careful with those audits. I feel sure that those businesses that survive will be looking very carefully at how they do business in the future. Becoming seen as part of the problem and not the solution will be a good way to lose business.

    1. Nick Ryan Silver badge

      ...and yet Oracle still exist? :p

  8. LeahroyNake Silver badge

    Other options

    We currently only use RDP for accounts / Sage, it's not supported by Sage but it works fine.

    Email is all OWA as we have on premise exchange so no issues there.

    Just bought some extra Screen Connect licenses and giving select users access to their office pc, not sure how that stands with MS licensing but they can take a log walk off a short pier.

    Our problem is that most of our customers are not sending us the usual level of work as it's split between retail / leisure and office machine support.

    Fingers crossed we get paid at the end of this month :/

    1. MatthewSt

      Re: Other options

      Sage have relaxed their licensing rules for the pandemic, and said that if you need to install it on additional machines (to work from home) then you can. They may ask you to remove it later though

  9. AJ MacLeod

    Open source never looked better

    My customers who are on 95% open source setups (Linux on servers, thin clients on desks - other than the odd machine for one specific application) are in a very much better situation today than those who have stuck with a 100% MS setup...

    1. Danny 14 Silver badge

      Re: Open source never looked better

      Why? We use laptops, they have w10 and vpn to rras on server 2016. Its a doddle.

    2. bombastic bob Silver badge
      Thumb Up

      Re: Open source never looked better

      My customers who are on 95% open source setups [snip] are in a very much better situation today than those who have stuck with a 100% MS setup

      awesome!

    3. Jou (Mxyzptlk) Bronze badge

      Re: Open source never looked better

      Well, it is not the OS, even if you try to push your religious view on us to make us believe so. It is how you set it up. You can mess up Linux as well as Windows.

      1. AJ MacLeod

        Re: Open source never looked better

        Yeah, but we didn't. And it's not a religious view - it's a rational conclusion based on over two decades of experience managing both alternatives...

  10. Anonymous Coward
    Anonymous Coward

    Working from home guide

    Work laptop, home pc, kvm switch and two monitors.

    That means work on one monitor and play videos and music on the other one. Got an incoming call from the office?Hit the kvm, space bar to pause and hit it again to get back to the work laptop. Want to play games to let off a bit of stream, emulator and a joypad. Want to do a bit of browsing add a second mouse. A damn near perfect setup in my opinion. It worked for me for nearly 13 years.

    As for these issues couldn't you use something like TightVNC to get round licensing?

    1. Jou (Mxyzptlk) Bronze badge

      Re: Working from home guide

      I have to kick in here: TightVNC is unencrypted. Even through a VPN it is a no-go since you cannot trust your LAN either with some creative coworkers capturing the unencrypted VNC traffic. TigerVNC is a spinoff with encryption implemented and free as well.

    2. bombastic bob Silver badge
      Linux

      Re: Working from home guide

      tightVNC lacks proper support, last I checked.

      Tiger VNC was forked from it. [that's what I've been using]

  11. Shadow Systems Silver badge

    Appropriate it's about virii...

    If I've got to choose between the Corona virus & a Windows VD, I'll pick the Corona as it only might kill me rather than give me a MS STD...

    I'll get my coat, it's got the bottles of Corona in one pocket & the limes in the other.

    *Cough*

    It's IT related I swear! We're talking about beer aren't we?

    *Pure, Sweet, & Innocent Grin(TM)*

    1. bombastic bob Silver badge
      Pint

      Re: Appropriate it's about virii...

      here, have another

  12. ecofeco Silver badge

    Home PC accessing the corporate network? Hell no!

    I haven't worked anywhere in the last 5 years that allowed a home PC to access the corporate network. Not even for the executives.

    1. Anonymous Coward
      Anonymous Coward

      Re: Home PC accessing the corporate network? Hell no!

      It’s not blocked, for us, but it definitely isn’t allowed. Oddly, a Linux VM can connect, using openconnect, and I’m not sure if corp could tell whether that VM is resident on the corporate laptop or some other device.

    2. Roland6 Silver badge

      Re: Home PC accessing the corporate network? Hell no!

      Bet they allow OWA...

      If you're prepared to take the licencing hit, WS2012 and later supports the Remote Desktop web client...

      1. Jou (Mxyzptlk) Bronze badge

        Re: Home PC accessing the corporate network? Hell no!

        It's not the licensing for me. I'd not put an RDP-Gateway on the Internet without additional stuff before that. Either require VPN, or set up a reverse proxy which does Auth before connecting to the RDP-Gateway. I'd choose a method where an internet café connection is not possible.

        1. bombastic bob Silver badge
          Devil

          Re: Home PC accessing the corporate network? Hell no!

          open listening ports for RDP or VNC are a _BAD_ idea, encrypted or otherwise.

          best to use an end-end enrypted VPN, and all access to the corporate network (including remote desktops) is through THAT alone. With some creative firewalling, you could prevent normal network access via the VPN, and only allow the remote desktop-ing.

          1. Nick Ryan Silver badge

            Re: Home PC accessing the corporate network? Hell no!

            Requiring a VPN connection instead of (prior to RDP) really isn't fixing anything much security-wise, it's just moving the point of attack slightly. Rather than attack an RDP connection malware attacks a VPN connection instead. VPN servers are probably updated even less often than RDP servers.

            1. Roland6 Silver badge

              Re: Home PC accessing the corporate network? Hell no!

              >it's just moving the point of attack slightly.

              But it is a useful move for Internet facing services.

              It also changes the attack. With a MS RDS Server directly visible on the Internet, you are enabling the full range of RDP/RDS exploits to be tried directly against a live server. The addition of a VPN gateway, means an attacker has to mount a (successful) VPN attack before they gain access to the RDS server.

          2. robidy Bronze badge

            Re: Home PC accessing the corporate network? Hell no!

            Have an upvote...it's a bit obvious.

  13. Long John Silver
    Pirate

    Oust dogs from mangers

    Setting aside the fact that response by the UK government, and some elsewhere, to the viral outbreak has been directed by ill-placed emotion (largely fuelled by MSM), panic (again MSM), and unsound advice (mathematical modellers usurping consolidated experience among public health practitioners and 'hands-on' infectious disease academics), this manufactured 'crisis' must not be permitted to allow consideration of so-called 'intellectual property' (IP) rights get in the way of sensible behaviour.

    Governments, those not entirely in thrall to rentier interests, either posses or can concoct legislation enabling suspension (even negation) of IP rights when well-being of the general public merits it. In this instance, governments could prevent IP 'owners' from seeking damages/payment for infringing activities within their legal jurisdictions during the emergency.

    Not just Microsoft should thus be dealt with but also a host of others. Patents relating to drugs and health technologies must not stand in the way of preventative measures and remedies. It should be permitted to ignore the egregious copyright attached to academic literature. Also, with large segments of populations confined to their homes it would be prudent to keep them entertained and one helpful measure would be an officially sanctioned blind-eye to copyright infringement relating to film, audio, and TV shows.

    Incorrigibly avaricious among IP rentiers would squeal like stuck pigs (porcine analogy being appropriate). The more sensible, both through genuine concern over public well-being and preservation of brand image, would not require prompting by governments.

    For instance, in the UK, Premier League matches are immensely popular; fans are charged exorbitant sums either through direct subscription or indirectly via what is in effect a surcharge on the price of beer and on products from 'sponsors' of the League. There are increasing efforts to stamp out unofficial live streaming of matches but success is limited.

    Consider the following scenario. The Premier League along with other producers of popular televised sporting products could announce free access to live streams, some perhaps going through unofficial sources like Kodi add-ons, for the duration of the crisis. Matches, tournaments, and athletics competitions, could take place in stadia devoid of live audiences. Similar considerations apply to other manifestations of mass entertainment. A potentially restless population, particularly younger folk and school children (a low risk group foolishly being denied education), could be dissuaded from mischief arising from boredom.

    Tears need not be shed for any rentiers (whether of patents or copyright). They would be 'doing their bit', possibly under duress. IP dependent industries accumulate considerable bulk of (porcine) fat; this acquired through monopoly protected price-gouging all along a chain of middlemen from producer to end recipient. Indeed, dissemination of digitally encoded entertainment, and information in general, no longer requires the plethora of intermediaries accumulated during the analogue era. Meanwhile, during the wailing and gnashing of teeth by purveyors of trivial 'content' there are previously solid companies, large and small, facing ruin and many (those without backbench MPs and government minsters in their pockets) unlikely to be bailed-out. Similarly, the pharmaceutical industry whilst promulgating lies about its price gouging being necessary for supporting R&D (basic research mostly takes place elsewhere and generally using public or charitable funding whereas development - testing of medicinal products - is given a hidden subsidy through access to NHS facilities) would benefit from shake-up arising from the current 'crisis'.

    We have a government that barely concealed its neo-liberal agenda. Present circumstances, particularly potential economic collapse triggered by inept handling of the epidemic, have forced grudging admission of existence of 'society', this disavowed by the late Mrs Thatcher, and recognition of communal inter-dependence. Remarkably, the USA, adopted home of the late Ayn Rand, may be following suit

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020