Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

This document details what  needs to be done to help new starters get up and running.

Office based

User account NBT

Before the new starter arrives they need their NBT account set up. This is done through https://sdplus all new accounts need to be signed off by an authorised user currently this is Tim Whitlock (Deactivated) so requests are best done by them to avoid complications and delays. In the default signees absence Retha should be able to authroise a new account. NBT now quotes 8 days to set up an account. As part of the setup the appropriate group memberships need to be added to the account and access to shared mailboxes setup. This is most readily done by suggesting another users memberships to be copied. New accounts require a DOB which is used when authenticating the user for their initial password when they first login. After the account is set up the new starter will need to call the NBT IT Support on ext 2020 quoting the ticket number of the request to get their initial password which they will be required to change when they  first logon.

Once an email has arrived to confirm account set up it should be forwarded to HR Jennifer Barwelland the new starter will get online as part of their initial induction. It is also useful to check the AD entries for the new user to ensure they have been added to the correct groups etc. (Common mistakes are to not set the email to default to  @renalregistry.nhs.uk or to miss out email groups. )

Atlassian Logins

All new starters will need adding to Atlassian with access to confluence and the appropriate JIRA groups. This can be done via  https://crowd.renalregistry,nhs.uk. It is usually best to configure the account and then send a password reset via the crowd admin interface after the person arrives. This will allow them to set their own password.

ACT! if relevant

If the user needs access to act then they will need an account configured on ACT!. Currently all the read/write accounts are used so read only accounts are the only option. Due to the age of the ACT! version we can no longer install ACT! on computers so it is only available on machines that have it installed. It is planned that ACT! will be replaced by CIVICRM as part of the new website development so it is likely that accounts on the new website will replace the current ACT! accounts.  

NHS.NET email

Usually the email from HR will identify if an NHS.NET email is required. This can be configured by either Tim Whitlock (Deactivated)or George Swinnerton. If the new starter already has an NHS email from their previous employment that email can be transferred to the UKRR account but must be marked by their previous employer for transfer before we can take it over.

Remote Worker

A remote worker will typically require some extra hardware to work remotely so in addition to any of the accounts detailed above they will need the facilities for remote access to be configured. 

Laptop

Each remote worker will have their own NBT laptop. These laptops are configured to use the NBT VPN and are encrypted.

Remote access has been made a lot easier with the roll out of global protect. Laptops will have this installed by default and it will magically know if the laptop is connected via the internet or on the local hospital network and ensure all a secure connection exists. The drives will all be encrypted with bitlocker as the roll out of win10 on all machines is completed. New users will need to have logged into the laptop once whilst connected to the NBT internal network for global protect to work remotely.


 Old Method

Setting up a new user on the laptop involves configuring their Mcafee Encryption password and logging in to windows on it for the first time. This is best done whilst physically connected to the NBT network. This is possible either in the meeting room or at Tim Whitlock (Deactivated)desk.

When the laptop is first switched on it asks for the Mcafee login this consists of the NBT login id of the user and a unique password. If the user account is not recognised by the Mcafee software then NBTIT will be required to do some re configuring of the laptop. The usual UKRR setup is allow any member of the UKRR to use Mcafee and if a user hasn't been configured on Mcafee yet they will need to use the default password the first time which will then require them to set their chosen password and answer some security questions (which allow the user to reset their password should they need to). The default password is held in the system team password vault. Once configured this password should work on all UKRR laptops though it may be necessary to be connected to the NBT network when first used on a different laptop if that laptop has not recently been connected to the NBT server and picked up the updated password files.

Having negotiated the encryption a new remote worker needs to login to windows on the laptop. This creates the initial user profile locally on the laptop and allows the user to login to windows without connecting to the NBT network. This must be done with the laptop connected to the NBT network. After successfully logging in the laptop should be ready for remote working.

VPN

In order to connect back to the NBT network remote users will need a VPN connection. This requires an app on a smartphone Android RSA SecureID or IOS RSA SecureID Token dependng on the phone OS. NBT IT will send an email to the user with  a link to the certificate that needs to be clicked on the phone this will then load the certificate in to the phone app during this process it will ask for a password which is  NBT user login account and then it can provide the token ids for logging in.

To configure the VPN for the first time a user pin needs to be configured. By default the account will be in "New Pin Mode" which should false the user to configure a new pin. The VPN can only be used when the laptop is not connected to the NBT network. so to configure whilst in the office a mobile phone must be used to provide the internet connection. Login to the laptop and then follow the below instuctions.

  1. Click on the Aventail Icon on the desktop.
  2. Input your username in the top box and in the bottom box the VPN token code from the app.  The box will then appear empty.
  3. Create a new password. The requirements should appear on the box. Again the box will then appear empty.
  4. Input the password you have just created and then wait for the VPN token to change, then input the token number directly after the password with no spaces.
  5. The account should then connect.

IF THE TOKEN HAS NOT BEEN USED IN 3 MONTHS IT MAY BE REMOVED AND REDISTRIBUTED.


Phone

Some remote workers have a separate work phone. These should be set up in the normal way. Other than the VPN SecureID App no specialist apps are required and the set up is currently left to the individual.

Workshare

The programmes team use workshare to share and manage documents. This software needs to be installed on any new remote worker laptop. Accounts for workshare are managed by the programme teams themselves but the Systems Team can if required configure a user and the information is held in the password vault. If the software needs to be installed access to the installer is best done by logging in to the workshare connect web interface https://my.workshare.com/m#signin and then selecting the menu in the top right which gives access to the download center.


Workshare Compatibility

As of 2020 workshare dropped support for office 2010 integration so until our Office installations are updated to a newer version only older versions of Workshare will work on our machines.


This will then offer the appropriate download for the desktop application. There is a known issue with the latest Dell Laptops where the interface doesn't display properly unless the graphic properties for the app don't use the opengl rendering. http://workshare.force.com/knowledgebase/articles/Troubleshooting_Article/Graphics-drivers-not-compatible


  • No labels