Configuring Site-wide Settings

  • Article

You use the Remote Tools Client Agent Properties dialog box to configure your site settings. The tabs contain properties that you can set to customize Remote Tools for the clients on your site. For example, you can specify whether client users must grant permission before an administrator can conduct a Remote Control session, the level of security, and protocol-related settings. These settings apply to all clients in your site.

You can also manage and configure Remote Assistance settings that apply to all applicable clients in your site. If you choose to manage Remote Assistance settings by using SMS, you can override user Remote Assistance settings and choose the level of Remote Assistance available to administrators.

On This Page

General Tab
Security Tab
Policy Tab
Notification Tab
Advanced Tab

General Tab

The General tab contains settings that apply to both SMS Remote Tools and Remote Assistance. You can use this tab to:

  • Enable Remote Tools for all clients within the site.

  • Prevent client users from changing Policy or Notification tab settings.

  • Choose whether to manage Remote Assistance settings for applicable clients within the site and whether to override Remote Assistance user settings.

The Users cannot change Policy or Notification settings for SMS Remote Tools check box is cleared by default. If you select this check box, it means that all clients in the site must use the settings that you specify for the site. Users cannot change the local Remote Tools settings on clients. If you do not select this check box, users can change the following Remote Tools options:

  • The Remote Tools functions that an SMS administrator can perform

  • Whether an SMS administrator must ask permission before a Remote Tools session can be established

  • Whether visual or audio indicators announce that a Remote Control session is taking place

  • Whether to display the Remote Tools taskbar indicator in the notification area or as a high-security indicator on the client desktop

  • Whether the Remote Control components are installed on Advanced Clients running Windows XP Professional or Windows 2003 Server

Select the option Do not install Remote Control components for Advanced Clients running Window XP, Windows Server 2003, or later to prevent Remote Control from being installed on computers running those platforms. It is strongly recommended that you use the Windows Remote Assistance and Remote Desktop Connection features of Windows XP and Windows Server 2003 rather than SMS Remote Control on computers running those platforms. Windows Remote Assistance and Remote Desktop Connection are more secure technologies and are built-in features of the operating system.

Security Tab

The Security tab contains settings that apply both to SMS Remote Tools and to Remote Assistance.

The Permitted Viewers list applies to both SMS Remote Tools and Remote Assistance users. You can use this tab to add non-administrators users and user groups to the Permitted Viewers list. Permitted viewers are users and user groups that can remotely access clients running Windows NT 4.0 or later. By using SMS 2003, members of the local Administrators group can access clients, regardless of whether they appear in the Permitted Viewers list.

Although the Permitted Viewers list appears to accept only user groups, you can also add user names to this list. It is more efficient to manage this list by using user groups, but the ability to specify a user name is available to those who need it.

When you upgrade from SMS 2.0, remove all unnecessary language-specific administrator names from the Permitted Viewers list. Doing so enhances the performance of SMS Remote Tools by reducing the number of permitted viewers that are authenticated by the domain controller each time you initiate a Remote Tools function. SMS 2003 Remote Tools automatically grant Remote Tools access to the Administrators group. You do not need to add the Administrators group to the Permitted Viewers list.

Using Remote Tools on clients running Windows NT 4.0 or later requires that the user be a member of the local Administrators group or be included in the Permitted Viewers list. For all clients, you must also create a security right to use Remote Tools on specific collections and assign that right to specific users or user groups. For more information about Remote Tools security, see Chapter 5, "Understanding SMS Security," in the Microsoft Systems Management Server 2003 Concepts, Planning, and Deployment Guide.

Policy Tab

The Policy tab contains settings that apply to both SMS Remote Tools and Remote Assistance.

You can use this tab to:

  • Specify the level of SMS Remote Tools access (Full, Limited, or None).

  • Specify whether users must grant permission when an administrator tries to remotely access their client.

  • Note

    • You can limit the requirement for users to grant permission to only clients running Windows 98. This provides greater security for those clients.

  • Specify the level of Remote Assistance access (Full control, Limited viewing, or None).

Level of SMS Remote Tools access

You can choose to allow administrators to perform all Remote Tools functions, no Remote Tools functions, or limited Remote Tools functions. If you allow administrators limited Remote Tools functions, you can then specify which functions are permitted.

To specify limited permissions

  1. In the Level of remote access allowed list, click Limited, and then click Settings.

  2. In the Default Limited SMS Remote Tools Settings dialog box, select the Remote Tools functions that you want administrators to have for clients of the site. For more information about these functions, see the "SMS Remote Tools Overview" section earlier in this chapter.

Level of permission required for SMS Remote Tools

You can choose to allow administrators to perform Remote Tools functions with or without client permission.

When you select the Do not ask permission check box, using SMS Remote Tools on clients running Windows 98 is less secure than on clients running Windows NT 4.0 or later. Specifically, there is a greater risk of an unauthorized Remote Control session to a client running Windows 98. For this reason, it is recommended that you always display a message to ask for the user's permission on clients running Windows 98. You can do this in two ways:

  • Select the Display a message to ask for permission option, which displays a message on all clients.

  • Select the Display a message to ask for permission option, and then select the Only on clients running Windows 98 check box, which displays a message only on clients running Windows 98.

Level of Remote Assistance access

You can choose to allow administrators to use Remote Assistance to fully control applicable clients, to remotely view applicable clients, or to not use Remote Assistance. The level of control that you choose for this setting applies to all Remote Assistance sessions, whether you start them from within the SMS Administrator console or from the operating system.

To enable all site-wide settings for Remote Assistance on the clients, SMS passes the settings to the clients and applies them by using local Group Policy. If you subsequently apply Group Policy settings at the site, domain, or organizational unit level by using the Group Policy Microsoft Management Console (MMC) snap-in, the local Group Policy settings applied by SMS on clients are overwritten.

If you select the Users cannot change Policy or Notification settings for SMS Remote Tools check box on the General tab, the user cannot override these settings on a client.

User permission is always required when using Remote Assistance in the SMS Administrator console.

Notification Tab

The settings on the Notification tab apply only to SMS Remote Tools.

Note

  • Your organization's internal policy and, in some circumstances, the privacy laws in your locale might influence the level of user alerts that you specify.

You can use this tab to:

  • Specify whether to display a visual indicator to notify users when a Remote Control session is active on their computers. This visual indicator pertains to Remote Control only, not to other Remote Tools functions.

  • Select the type of visual indicator to be displayed. The visual indicators differ in where they appear on the desktop and whether the indicator can be hidden from the user's view.

  • Specify whether to display the visual indicator only when a Remote Control session is active or when no session is active.

  • Specify whether to play a sound to notify users when a Remote Control session is active. You can specify that the sound play only when a session begins and ends or plays repeatedly during a session.

Status indicators

There are two types of visual indicators:

Taskbar indicator The taskbar indicator appears in the notification area on the client's taskbar. The indicator changes its appearance when an SMS administrator initiates a Remote Control session with the client. You can configure the Remote Tools Client Agent to permit the user to hide this indicator.

High-security indicator The high-security indicator initially appears in the top right corner of the client's desktop. The user can move the icon but cannot hide it, which allows a user to always determine if and when a Remote Control session has been initiated. The indicator is displayed within the icon. The title bar of this indicator is gray until a Remote Control session is initiated, and then the title bar turns red.

Table 9.1 Remote Control Indicators

Icon

Description
 

Taskbar indicator

Taskbar indicator. No Remote Control session is active.
 

Taskbar indicator

Taskbar indicator. A Remote Control session is active.
 

Taskbar indicator

Taskbar indicator. A Remote Control session is active but paused.
 

High-security indicator

High-security indicator. No Remote Control session is active and the title bar is gray.
 

High-security indicator

High-security indicator. A Remote Control session is active and the title bar is red.
 

High-security indicator

High-security indicator. A Remote Control session is active but paused.

Advanced Tab

The settings on the Advanced tab apply only to SMS Remote Tools. The Advanced tab in the Remote Tools Client Agent Properties dialog box contains a number of hardware-related settings. For most installations, the default settings in this dialog box should not be changed. For more information, see the "Client Hardware Settings" section later in this chapter.

You can use this tab to:

  • Select the default video compression level of remote screen captures during a Remote Control session (Low, High, or Automatically Select). For more information, see the "Video Compression" section later in this chapter.

  • Select the default remote access protocol for all clients in the site. If you are using the SMS 2003 Administrator console to configure an SMS 2.0 site, you can select TCP/IP or NetBIOS. For SMS 2003 sites, the only supported protocol is TCP/IP and the default remote access protocol setting is not available.

  • Enable video acceleration clients running Windows NT 4.0 or later and determine which video drivers can be accelerated for clients running Windows NT 4.0. For more information, see the "Video Acceleration" section later in this chapter.

Important

  • If you change the settings on the Advanced tab after the Remote Tools Client Agent components have been installed on clients, the previously installed clients do not receive the new settings automatically. The revised Advanced tab settings are passed down to the clients during the next maintenance cycle of the CCIM, but they are not implemented until you uninstall and reinstall the Remote Tools Client Agent components. This applies to Legacy Clients only. For more information, see the "Client Hardware Settings" section later in this chapter.
For More Information

Did you find this information useful? Please send your suggestions and comments about the documentation to smsdocs@microsoft.com.