Most of times during a ConfigMgr 2007 implementation, there will be Delegation of Control configured. This will be done beneath Security Rights -Users/Rights in the ConfigMgr console. At that place there can be different roles configured, for example: Administrators role, Support role or Reporting role. But what to do when only Remote Control functionality is needed? In this blog I will explain what to do for configuring Remote Control in ConfigMgr.
Remote Control functionality is build-in with the ConfigMgr client. Check Site Management > Site Settings > Client Agents > Remote Tools Client Agent for configuring settings and security.
Most of time I choose this settings at General tab:
Beneath Security, Users and Groups must be added for Remote Control functionality:
This will add users and groups in the registry of all clients and servers managed within ConfigMgr 2007: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Client\Client Components\Remote Control
In the Notification tab there are multiple choices for configuring:
Most of times I don't configure settings beneath the "Remote Assistance" and "Remote Desktop" tab. These are not needed for Remote Control functionality!
Now set security in the ConfigMgr console, by going to Security Rights -Users/Rights in the ConfigMgr console. Add a new user or group for having Remote Control rights.
I've created a RemoteControl user for this blog:
Choose to add another right or modify an existing one:
I put rights here to use Remote Tools on every collection:
Configuring is done, and the user/groups has now access rights:
For using the Remote Control functionality in ConfigMgr console now, all you hace to do is install (or virtualize) this console, and offer it to the rights users. Default the whole console will be displayed, and only the parts which you have access to, can be managed/used. You can also building a custom ConfigMgr admin console, which has for example only collections in it. See this URL for building one yourself: http://scug.be/blogs/sccm/archive/2008/07/16/building-a-custom-configmgr-2007-admin-console.aspx
Another way for giving specific users access to Remote Control functionality, is build a package with only 2 (two) files in it. This will be RC.exe and Rdpencom.dll (both can be found at ConfigMgr source > AdminUI > Bin > i386 location. Just distribute these files, and make sure security is done in the ConfigMgr console, and you're done!
The only real difference in both solutions will be the search option. In the ConfigMgr console > Collections, there can be searched in All Systems for the device which must be taken over. In the single RC.exe file solution, a name must be typed-in for having Remote Control functionality.
Remember that firewall rules must be added for having Remote Control functionality on the client when firewall is active. Otherwise an error message will follow, with a "Unable to connect" message. See this URL for used ports in ConfigMgr 2007: http://technet.microsoft.com/en-us/library/bb632618.aspx
Hope I make things clear with posting blogs like this!