With SCCM you can specify Remote Control Settings, unfortunately these settings are site settings so all the machines within your sites will have the same remote control settings.
So for instance, the setting that you prefer a pop-up that a user needs to allow you before you can remote control his machine...
Well this settings caused a challenge for me, as I got a group of critical kiosk machines that I want to take over remotely but I don't want that users have to allow me first.
From what I have heard within vNext we will be able to set Remote Control settings on each collection, this is awsome but for the moment with SCCM we need to workaround this.
How?
First scenario is to override the ‘Ask for permission when an administrator tries to access the client’ setting part of the Remote Tools Client Agent.
The following code is what the ConfigMgr client receives from the Management Point (T01 is the sitecode in this example):
instance of CCM_RemoteToolsConfig
{
PolicyID = "{GUID value}";
PolicyVersion = "x";
PolicySource = "SMS:T01";
PolicyRuleID = "{GUID Value}";
PolicyInstanceID = "{GUID value}";
Enabled = TRUE;
ComponentName = "SmsRemoteTools";
Type = 1;
RemoteToolsEnabled = TRUE;
AllowChat = TRUE;
AllowClientChange = FALSE;
AllowFileTransfer = TRUE;
AllowReboot = TRUE;
AllowRemoteExecute = TRUE;
AllowTakeover = TRUE;
AllowViewConfiguration = TRUE;
AlwaysVisible = FALSE;
AudibleSignal = TRUE;
CompressionType = 2;
ControlLevel = 2;
DefaultProtocol = "TCP/IP";
IndicatorType = 0;
PermissionRequired = 1;
UseIDIS = TRUE;
VisibleSignal = TRUE;
DisableToolsOnXP = TRUE;
ManageRA = TRUE;
EnableRA = TRUE;
AllowRAUnsolicitedView = TRUE;
AllowRAUnsolicitedControl = TRUE;
ManageTS = FALSE;
EnableTS = FALSE;
EnforceRAandTSSettings = TRUE;
PermittedViewers = NULL;
};
Note the PermissionRequired settings is set to 1 which states that permissions are required when running Remote Tools.
This is the value we have to overwrite by creating a new mof file.
The mof file will look like this:
#pragma namespace("\\\\.\\root\\ccm\\policy\\machine\\requestedconfig")
[CCM_Policy_PartialPolicy(true)]
instance of CCM_RemoteToolsConfig
{
// Header properties
PolicyID = "1";
PolicySource = "local";
PolicyVersion = "1";
PolicyRuleID = "1";
PolicyInstanceID = "1";
Type = 1;
// Data properties
[CCM_Policy_Override(TRUE)]
PermissionRequired = 0;
};
Watch the "PermissionRequired=0"
We save this file as for instance CustomRemoteControl.mof.
On each machine you want that the default settings gets overwritten with the new one you need need to compile this new mof file.
You can do this with:
%windir%\system32\wbem\mofcomp.exe CustomRemoteControl.mof
woensdag 9 juni 2010
Abonneren op:
Posts (Atom)
