Things that you should know about Remote Control and the Management Gateway

Version 2

    Verified Product Versions

    LANDESK Management Suite 2016.x

    *_Guide for Security Types when Remote Controlling

    through the Management Gateway_*




    isscntr.exe shortcut


    Local Template



    Integrated Security

    Does not work (See Note 1)


    NT Security

    Works (See Note 2)

    Works (See Note 2)

    Certificate Based

    Self-Contained .EXE

    Does not work



    Note 1: To be able to configure the shortcut to work

    with isscntr.exe the target line must be configured with the following:



    "C:\Program Files\LANDesk\ServerManager\RCViewer\isscntr.exe"

    -agsb://broker name -s"core server" (the location of

    isscntr.exe may vary)


    Note 2: NT Security through the

    LANDesk Management Gateway only authenticates the users and groups in the Remote

    Control Operators group.   If that device is outside the AD environment (on the

    internet) then AD users will not be able to authenticate (Only local




    Remote Control Authentication



    When a Remote Control session is attempted (regardless of security type) the

    viewer verifies the remote controller’s credentials by checking the user account

    that is logged into WINDOWS. It does not matter for Remote

    Control authentication purposes what account is logged into the LDMS console.

    The account logged into WINDOWS needs to be in the Management

    Suite group, and if NT security is being used the WINDOWS

    account needs to be in the Remote Control Operators group on the client




    Remote Control Scopes



    Remote Control scopes only work with Certificate based and Integrated


    The account that is logged into WINDOWS is used

    to verify any scope that is being used for Remote Control purposes.



    *_Integrated security and Nested AD




    If Integrated Remote Control security is being used, and Active Directory

    (global) groups are being used to populate the LANDesk Management Suite (local)

    group, the following must be done or Integrated Remote Control will not



    On the core server, open Administrative Tools > Component

    Services > Component Services > Computers > My Computer > COM+

    Applications > LANDesk.  Right click the object and click on



    Note: The LANDeskComPlus is the default user

    specified by the LANDesk COM+ objects. These credentials are used whenever IIS

    needs to contact Active Directory, the objects themselves are used when

    certificates are created and if possible they attempt to verify credentials

    against Active Directory. Since LANDeskComPlus is not a valid AD user, any

    attempt by this user to authenticate to Active Directory will result in an

    authentication failure.



    Specify valid AD credentials in Windows Component Services as follows:



    Open the Identity tab and change the "LANDeskComPlus" user to a valid user on

    the domain. A valid user is one that has read access to AD.  Do the same for the

    LANDesk1 COM object as well.