How to secure HTML Remote Control

Version 3

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.x

    Scenario

    Once a user decides to allow HTML remote access (Tools > Configuration > Agent Settings > All agent settings/ My agent settings / Public Agent Settings > Remote control > Right click properties)

    They may immediately be concerned because it appears that any domain user is able to remote control other machines through the web browser by navigating https://clientIPaddress:4343

    Cause

    They have not set the proper security settings in the Remote control settings. Local template security should not be selected. Those permissions are based off the local agent machines security permissions. This should rarely be used in environments.

     

    Solution

    1. Select Integrated security in the security settings > Remote control settings (You can also select individual users using remote control operator groups to make it even more secure.)
    2. Run a vulscan.exe on the agent computers that have the "Allow HTML access" remote control agent settings.