Things that you should know about Remote Control and the Management Gateway

Version 2

    Verified Product Versions

    LANDESK Management Suite 2016.x

    *_Guide for Security Types when Remote Controlling through the Management Gateway_*

    Type                 isscntr.exe shortcut          Console
    -------------------  ----------------------------  ------------------
    Local Template       Works                         Works
    Integrated Security  Does not work (See Note 1)    Works
    NT Security          Works (See Note 2)            Works (See Note 2)
    Certificate Based    Self-Contained .EXE           Does not work

    Note 1: To configure the shortcut to work with isscntr.exe, the target line must be configured with the following:

    "C:\Program Files\LANDesk\ServerManager\RCViewer\isscntr.exe" -agsb://broker name -s"core server"

    (The location of isscntr.exe may vary.)

    Note 2: NT Security through the LANDesk Management Gateway only authenticates the users and groups in the Remote Control Operators group. If the device is outside the AD environment (on the internet), AD users will not be able to authenticate; only local users can.

    Remote Control Authentication

    When a Remote Control session is attempted (regardless of security type), the viewer verifies the remote controller’s credentials by checking the user account that is logged into Windows. For Remote Control authentication purposes, it does not matter which account is logged into the LDMS console. The account logged into Windows needs to be in the Management Suite group, and if NT security is being used, the Windows account needs to be in the Remote Control Operators group on the client system.

    Remote Control Scopes

    Remote Control scopes only work with Certificate based and Integrated Security. The account that is logged into Windows is used to verify any scope that is being used for Remote Control purposes.

    *_Integrated security and Nested AD groups_*

    If Integrated Remote Control security is being used, and Active Directory (global) groups are being used to populate the LANDesk Management Suite (local) group, the following must be done or Integrated Remote Control will not work:

    On the core server, open Administrative Tools > Component Services > Component Services > Computers > My Computer > COM+ Applications > LANDesk. Right-click the object and click Properties.

    Note: LANDeskComPlus is the default user specified by the LANDesk COM+ objects. These credentials are used whenever IIS needs to contact Active Directory; the objects themselves are used when certificates are created, and if possible they attempt to verify credentials against Active Directory. Since LANDeskComPlus is not a valid AD user, any attempt by this user to authenticate to Active Directory will result in an authentication failure.

    Specify valid AD credentials in Windows Component Services as follows:

    Open the Identity tab and change the "LANDeskComPlus" user to a valid user on the domain. A valid user is one that has read access to AD. Do the same for the LANDesk1 COM object as well.
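
The Identity setting described above can be checked from PowerShell before and after the change. This is an added example, not LANDesk's own tooling: it only reads the COM+ catalog through the standard COMAdmin.COMAdminCatalog object, and it assumes the application names LANDesk and LANDesk1 and the account name LANDeskComPlus given in this article.

```powershell
# Added example (not vendor code): report the run-as identity of the LANDesk COM+ applications.
# 'LANDesk', 'LANDesk1' and 'LANDeskComPlus' are the names given in this article.
# Run on the core server from an elevated PowerShell session; nothing is modified.
$appNames       = 'LANDesk', 'LANDesk1'
$defaultAccount = 'LANDeskComPlus'

# Load the list of COM+ applications registered on this machine.
$catalog = New-Object -ComObject COMAdmin.COMAdminCatalog
$apps    = $catalog.GetCollection('Applications')
$apps.Populate()

$report = foreach ($name in $appNames) {
    $app = $apps | Where-Object { $_.Name -eq $name } | Select-Object -First 1
    if (-not $app) {
        [pscustomobject]@{ Application = $name; Identity = $null; Status = 'COM+ application not found' }
        continue
    }

    # The Identity property holds the account the application runs as.
    $identity = [string]$app.Value('Identity')

    # Split DOMAIN\user (or .\user) into its parts; a bare name has no prefix.
    $prefix = ''
    $user   = $identity
    if ($identity -match '^(?<p>[^\\]+)\\(?<u>.+)$') {
        $prefix = $Matches.p
        $user   = $Matches.u
    }

    $status = if ($user -ieq $defaultAccount) {
        'Default local account: cannot authenticate to Active Directory'
    } elseif ($prefix -in '', '.', 'NT AUTHORITY', $env:COMPUTERNAME) {
        'Local or built-in identity: confirm it can read Active Directory'
    } else {
        'Domain identity: confirm it has read access to Active Directory'
    }

    [pscustomobject]@{ Application = $name; Identity = $identity; Status = $status }
}

$report | Format-Table -AutoSize
```

Any row still showing the default local account is an application whose Identity tab has not been changed yet.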