We’ll teach you how to use System Center Configuration Manager 2012 to configure and use remote desktop connections in this post. Remote control is commonly used in HelpDesk services for remote administration and technical support. Remote desktop is simple to see and interact with.
SCCM 2012 requires three tools to connect to user workstations remotely:
- SCCM feature includes the ability to connect to and interact with the user session via remote control. You can turn off the notification that the session is being browsed by the administrator. In the absence of a computer user session, a remote desktop connection to a computer is feasible (direct connection to the console). CmRcViewer.exe is the client.
- Windows has Remote Assistance as a standard feature. The user confirms the administrator’s remote connection to the session. RA connection is impossible if the user is not logged in to the machine. msra.exe is the client.
- RDP client – RDP protocol connection in a separate session. mstsc.exe is the client.
Configuring a remote connection to SCCM 2012 customers
The client policy can be used to configure the remote connection settings. Edit an existing client policy (for example, Default Settings) or create a new one.
Go to the Remote Tools section of the Client Settings window. Remote connections are disabled by default.
Toggle on Enable Remote Control on Client Computer if you want to use this feature. You must also define the firewall profiles for which you want to enable Remote Tools connections.
Let’s consider the main settings on client computers:
In Software Center, users can adjust policy or notification settings, including whether or not they can update the remote connection policy and notifications.
Allow remote control of an unattended computer – whether a computer with a locked screen or without the user’s session can be connected to.
If the user must confirm authorization for a remote connection to the computer, prompt them for Remote Control permission.
Allow remote control for members of the local Administrators group — whether or not to allow remote control for members of the local Administrators group.
Allowable access level — the level of access to the user’s session (view-only or full control).
Permitted viewers – a list of persons and organisations who have access to the remote control.
Display session notification icon on taskbar – if the active connection symbol should be displayed in the notification bar.
Show the session connection bar – a separate panel with the active connection notice.
Play a sound on the client – a unique sound that indicates whether the user is connected or disconnected.
Manage Remote Assistance settings when the user did not initiate the connection request — RA settings management when the user did not initiate the connection request.
Control RDP settings — Manage Remote Desktop settings.
Allow permitted viewers to connect using Remote Desktop Connection — whether or not people identified in this policy connect via RDP is up to you.
Require network level authentication on computers running Windows Vista and later versions – whether or not to make NLA authentication necessary for computers running Vista and later versions.
Typically, the settings are chosen based on the remote control policy. In that instance, the user should seek remote connection authorization and display an active connection symbol in the notification bar.
Request Remote Control authorization from the user: True
On the taskbar, show the session notification icon: True
On the client, play a sound: The beginning and the end of the session
Simply click the Set Viewers button and add the group/user names to the list to allow particular users and groups to login to users’ desktops.
SCCM client configurations
After receiving the policy (by default in 1 hour) creates the local security group. This group also is known as ConfigMgr Remote Control Users. This group has the appropriate DCOM permissions. Remote control settings are located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Client\ClientComponents\Remote Control.
You must add the ConfigMgr Remote Control Users group to the Allow log on through Remote Desktop Services policy (Local Security Policy> User Rights Assignment) if remote users are authorised to connect via RDP.
Also, you have to give permission in the PDP-Tcp properties.
After that, you will see the appropriate rules in the firewall policies.
SCCM documentation is specified, that remote control is only possible when the following ports are open:
- TCP – 135
- TCP – 2701
- TCP – 2702
- UDP – 2701
- UDP – 2702
Using Remote Control
You can try to connect to the user’s machine if the SCCM remote connection policy is defined and the clients have received it.
Start Configuration Manager 2012, pick the computer to which you wish to connect, and then select Start -> Remote Control from the context menu.
You will see the Remote Control window, which displays the connection log.
After that, user will see the window, which indicates a connection request to its desktop.
Remote connection logs
Information about all remote connections is maintained with special logs that are stored on the server side and on the client side:
- SCCM server — [System Drive]\Users\[UserName]\Documents\Remote Application Logs
- SCCM client — [System Drive]\Users\[UserName]\Documents\Remote Application Logs