Introduction to Remote Connection Profiles in Configuration Manager
Updated: May 14, 2015
Applies To: Microsoft Intune, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1
The information in this topic applies only to System Center 2012 R2 Configuration Manager versions.
Use remote connection profiles in System Center 2012 Configuration Manager to allow your users to remotely connect to work computers when they are not connected to the domain or if their personal computers are connected over the Internet.
Users can connect to their work PC from the following device types:
Computers that run Microsoft Windows
Devices that run iOS
Devices that run Android
Remote connection profiles let you deploy Remote Desktop Connection settings to users in your Configuration Manager hierarchy. Users can then use the company portal to access any of their primary work computers through Remote Desktop by using the Remote Desktop Connection settings provided by the company portal.
Microsoft Intune is required if you want users to connect to their work PCs by using the company portal. If you are not using Intune, users can still use the information from the remote connection profile to connect to their work PCs by using Remote Desktop over a VPN connection.
When you specify remote connection profile settings by using the Configuration Manager console, the settings are stored in the local policy of the client computer. These settings might override Remote Desktop settings configured by another application. Additionally, if you use Windows Group Policy to configure Remote Desktop settings, the settings specified in the Group Policy will override those configured by using Configuration Manager.
The following table shows a high-level overview of the steps required to implement and use remote connection profiles in your organization.
The Configuration Manager administrative user makes sure that the necessary prerequisites are in place to use remote connection profiles.
The Configuration Manager administrative user creates a remote connection profile that contains details about the Remote Desktop Gateway server and connection settings that will be used to connect to work computers.
The Configuration Manager administrative user deploys the remote connection profile to the devices that will be enabled for remote connections.
The users can connect to their primary devices after they are published in the Microsoft Intune Self Service Portal, also known as the company portal.
No additional information.
When you install System Center 2012 R2 Configuration Manager, a new security group, Remote PC Connect, is created. This group is populated when you deploy a remote connection profile that includes the primary users of the computer to which you deploy the profile. Although a local administrator can add user names to this group, these users will be removed from the group when deployed remote connection profiles are next evaluated for compliance.
If you manually add a user to this group, the user can initiate remote connections, but the connection information will not be published in the company portal.
If you manually remove from the group a user that has been added by Configuration Manager, Configuration Manager will automatically remediate this change by adding the user back when the remote connection profile is next evaluated for compliance.
If the user device affinity relationship between a user and a device changes (for example, the computer a user connects to stops being a primary device of the user), Configuration Manager disables the remote connection profile and Windows Firewall settings to prevent connections to the computer.
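The following PowerShell script is an added example, not part of the original topic or of Configuration Manager. It audits the Remote PC Connect group described above, reporting accounts that are present but not expected (manual additions) and expected accounts that are absent (manual removals not yet remediated). It assumes Windows PowerShell 5.1 or later for Get-LocalGroupMember. The expected primary user list is a hypothetical input supplied by the administrator, and the account names are constructed sample values.

```powershell
# Added example: audit the local "Remote PC Connect" group for membership drift.
# $ExpectedPrimaryUsers is a hypothetical input: the primary users that the
# deployed remote connection profile should have placed in the group.
param(
    [string[]]$ExpectedPrimaryUsers = @('CONTOSO\alice', 'CONTOSO\bob'),  # constructed sample values
    [string]$GroupName = 'Remote PC Connect'                              # group name from this topic
)

function Compare-RemotePcConnectMembers {
    param([string[]]$Actual, [string[]]$Expected)
    # Windows account names are case-insensitive, so normalize before comparing.
    $a = @($Actual   | ForEach-Object { $_.ToUpperInvariant() } | Sort-Object -Unique)
    $e = @($Expected | ForEach-Object { $_.ToUpperInvariant() } | Sort-Object -Unique)
    [pscustomobject]@{
        # Present but not expected: added by hand; can initiate remote connections
        # until the profile is next evaluated for compliance.
        Unexpected = @($a | Where-Object { $_ -notin $e })
        # Expected but absent: removed by hand, or the profile has not been evaluated yet.
        Missing    = @($e | Where-Object { $_ -notin $a })
    }
}

try {
    # Name is returned as DOMAIN\user (or COMPUTER\user for local accounts).
    $members = @(Get-LocalGroupMember -Group $GroupName -ErrorAction Stop |
        Select-Object -ExpandProperty Name)
} catch {
    Write-Warning "Could not read group '$GroupName': $($_.Exception.Message)"
    return
}

$drift = Compare-RemotePcConnectMembers -Actual $members -Expected $ExpectedPrimaryUsers

foreach ($u in $drift.Unexpected) {
    Write-Output "UNEXPECTED: $u is in '$GroupName' but is not an expected primary user"
}
foreach ($u in $drift.Missing) {
    Write-Output "MISSING: $u is expected in '$GroupName' but is not a member"
}
if ($drift.Unexpected.Count -eq 0 -and $drift.Missing.Count -eq 0) {
    Write-Output "OK: '$GroupName' membership matches the expected primary users"
}
```

Run it on the work computer from an elevated session. Repeated UNEXPECTED results for the same account between compliance evaluations indicate that someone keeps adding it by hand.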
The information in this section also appears in the Getting Started with System Center 2012 Configuration Manager guide.
Remote connection profiles are new in System Center 2012 Configuration Manager. They provide the following capabilities and have some dependent configurations:
Deployment of remote connection profiles that allow users to remotely connect to work computers from the company portal when they are not connected to the domain or if they are connected over the Internet.