(not) Allowing Remote Control

[Guest_imported]

In SMS1.2 there is an INI file setting that states whether users of remote PC's have to click "YES" to allow SMS to remote control their machines.

In SMS2 I believe this has been replaced by a global setting. While this is good and in most cases we DO want this, it makes taking control of remote machines where there are no users difficult (impossible!)

Is there any way of creating "exceptions" to this rule ?

Regards,
Andrew Whitton.

 

[HEMan1979]

No, it's not difficult/impossible to take control of remote machines where users are not available, actually it's quite easy to work arround it.

The SMS Client saves the information whether to allow remote control etc. in the registry on the machine/the client system itself.
So, do the following if you're not able to take remote control of a remote machine where an user is not available:

1. Open regedit and connect to the remote machine by clicking "Registry" \ "Connect Network Registry...".

2. Go to the folowing key on the remote machine:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Client\Client Components\Remote Control"

3. Enter a "0" in the value "Permission Required" and be sure that "Allow Takeover" value is "1".

4. Now try to take over the remote machine, and you'll see that you're able to do it without having to ask the remote user to click Yes for allowing the takeover.

After you've finished your takeover session re-enter "1" in the "Permission Required" value.

Greetz,

HE-Man
The Netherlands

 

[andywhitton]

Thanks, thats very useful indeed. If the central setting is 1 and the local setting 0 does the central value eventually override the local ?

From a security point of view, is there anything that allows you to audit a user changing this value within SMS as opposed to the usual audit tools.