Remote Control for Configuration Manager

I actually see a lot of search terms on this blog regarding Remote Control so therefore I wanted to write a post to clarify it’s functionality and how to set it up. It allows for administrators to connect to a client without using RDP and even without a user logged on and you can interact with the user as well, allowing you to see what the users sees. All communication happens over port TCP 2701 and uses Kerberos for authentication (if it cannot authenticate using Kerberos it will try with the less secure NTLM)

To enable Remote Control for a set of clients
In the Configuration Manager console, click Administration.

  1. In the Administration workspace, click Client Settings.

  2. Click Default Client Settings.

  3. On the Home tab, in the Properties group, click Properties.

  4. In the Default dialog box, click Remote Tools.

  5. Configure the remote control, Remote Assistance and Remote Desktop client settings.

Now there are some settings there are some bunch of settings there that you need to configure before you start.

Enable Remote Control on clients Firewall exception profiles
Select whether Configuration Manager remote control is enabled for all client computers that receive these client settings. Click Configure to enable remote control and optionally configure firewall settings to allow remote control to work on client computers. (Just to remember that Remote Control is disabled by default)
1

Allow Remote Control of an unattended computer
Select whether an administrator can use remote control to access a client computer that is logged off or locked. Only a logged-on and unlocked computer can be remote controlled when this setting is disabled.

Prompt user for Remote Control permission
Select whether the client computer will display a message asking for the user’s permission before allowing a remote control session.

Grant Remote Control permission to local Administrators group
Select whether local administrators on the server initiating the remote control connection can establish remote control sessions to client computers.

Access level allowed
Specify the level of remote control access that will be allowed.

Permitted viewers
Click Set Viewers to open the Configure Client Setting dialog box and specify the names of the Windows users who can establish remote control sessions to client computers.

Now after you have changed the settings here you need Press OK and save the settings. If you need to change these settings or have different set of settings for different users, create a separate client settings and deploy it to a new collection.

2

And Viewers can be set to domain users and different viewers can be deployed to separate collections. You just have to create a separate Client Policy.
After these settings are changed to can go back to your computers right click and choose Remote Control

3

4

Now with the green bar appeared we have connected. The user will also see this green bar so it knows who is connected.
We can also see that it successfully used Kerberos to authenticate.

5

Leave a Reply

Scroll to Top