Tools for system administrators and corporate environments

[LeonarddeR]

Background

The interest to use NVDA in corporate environments is growing and growing. This also introduces some challenges for IT administrators. This issue is meant to be an umbrella for ideas about how the workflow of IT administrators can be improved with regard to the Use of NVDA. Feel free to introduce new basic ideas here. If more people agree that ideas might be useful to implement, we can devote a separate issue to them.

Related issues

• 9256: Enforce disabling the ability to update NVDA. This makes sense in cases where people are unable to update due to administrative restrictions.

• 8636: Allow disabling easeOfAccess integration

• 3564 add support for sending speech over remote desktop protocol channels. See also UnicornDVC

• 6822: Add support for configuration and add-on inheritance

• 6115: the ability to disable the speech viewer

Additional ideas

1. Alternative for #6822: Allow predefiining NVDA configuration parameters in the windows registry to override user defaults. This can be used to disable braille display auto detection by default, disable the welcome screen at startup, disable particular document formatting defaults due to performance reasons, etc.
2. The ability to hide certain options, such as those requiring administrative privileges, creating portable copies, from the gui. In other words, enforcing secure mode or a subset of it.
3. Having a MSI package for NVDA for easier deployment with sccm and other tools, or at least a non self-voiced installation package when installing silently.

[DrSooom]

• As admins want to configure everything which is possible and to disable features, which aren't needed, via GPO, I guess we need to make all settings or configurable via GPO instead of the "nvda.ini".
• But we also need a tool to create prepared "nvda.ini", as well as for all other configurable staff like the "gestures.ini" or add-on settings – if GPO isn't used by the admin.
• And of course the admin should be able to disable several entries from the NVDA menu like the Log Viewer, the Add-on Manager, the Input Gesture Dialog and so on.
• And the admin should also have the possibility to set what kind of settings should be changeable by the user, and to set "saveConfigurationOnExit" always to "False", which cannot be changed by the user.
• And maybe we need a new command parameter for the "nvda.exe" for reading the configuration from the GPO/registry too.

Hope I could help you a little bit in brainstorming, even if I'm not really familiar with such things. (I learned just a few things regarding to Windows Server 2003 at school. So my knowledge here is quite outdated.)

[LeonarddeR]

The idea to have group policy support is interesting, though most likely pretty complex to implement. It is certainly something to keep in the back of our heads, though

[DrSooom]

Is it possible to add an additional "nvda.ini" between the default settings of NVDA and the user configuration? This "admin-nvda.ini" should be stored directly in the installation/program folder in a new folder called "adminConfig". So we would need a tool which transfers the content of the "userConfig" folder in the "adminConfig" folder in a suitable and correct way (incl. add-on configurations).

Well, a "user-permission.ini", in which the admin is able to set which option should be configurable by the user, is needed too, as I mentioned before. Every option which is "disabled" by the admin isn't selectable via the GUI and its values in the "userConfig/nvda.ini" are fully ignored by NVDA. So even if the user changes the value of such an option directly in the "userConfig/nvda.ini", he still need the permission for it, otherwise his changes will have no effect. And to change the permissions the user needs admin privileges, because this permission ini file is stored in the program folder.

Well, and the GPO support is really a complex stuff – especially in combination with the AD.

[kieranlittle667]

Interesting ideas. We definitely need a better deployment option; even the Chocolatey package is forced to play the installation music; a very silent option would be preferable. The GPO idea is an interesting one, but may be difficult to implement and maintain. I can say from experience of running nvda with limited permissions in a corporate environment that certain features just aren't needed e.g. as you say, check for updates, copy user config to logon screen, etc. A rdp option is deffinitely needed, as certinly in our environment, vm's don't have the windows audio service started by default, however I am in the lucky position of having the JFW remote addon.

[LeonarddeR]

I recall the Chocolatey package was once provided by @bramd. The Ninite integration also plays the startup sound, and I think that both integrations should also use the --enable-start-on-logon=False command line parameter on 2019.1 and above.

[bramd]

@leonardder Yes, I maintain the Chocolatey package. I'm not really sure what the default for NVDA on log on screen should be, I guess it will depend on the environment. E.g. deploying in a blindness specific institution or giving the ability to log on to every computer for blind users/staff. Since, as far as I know, there is no way to launch NVDA on the log on screen manually, the start on log on option with a default of True might be preferred to allow blind users to log in to all computers in an organization.

That being said, it would be good to expose this as a parameter in the Chocolatey package. Any ideas of options that should be exposed as well? Pull requests for the package are also welcome, it's at https://github.com/bramd/chocolatey-nvda.

[aturnipseed]

I was able to create a batch file to change it but i can only run it after the install and its making it difficult to run through SCCM. I will be patiently awaiting the 2019.1 build to cure all of my ills.

[LeonarddeR]

Filed an issue for a command line parameter to copy portable configuration on silent installations, Issue #9676

[Adriani90]

cc: @seanbudd, @gerald-hartig for triaging.

[seanbudd]

I would say this is a meta issue, a collection of other issues. I think they need to be triaged individually

[gerald-hartig]

@seanbudd Agreed. FYI I've referenced this issue in the roadmap for when we do a push for these kinds of issues.