Box Shot Image

Remote Control

Take control of computers across your network, or across the world. Remote Control allows you to control a PC as if you were there. Includes a blazing fast search to find computers quickly

Product Links

Home
Screen Shots
Download
Purchase
Manual
Comparison


News And Tips

New versions of remote control coming soon!
Remote Control 5.6 Released
Remote Control 5.4 MSI Distribution
Remote Control 5.4 Distribution Update
Remote Control 5.4 Released
Remote Control Beta 2 Released
Beta - Remote Control 5.4
A Windows 2012 RDP Shadowing Alternative
Spy on computers remotely
Easily Shadow Remote Desktop Sessions
IntelliAdmin Remote Control with Windows 7
Use group policy to manage IntelliAdmin Remote Control

Remote Control Distribution Tool Manual


IntelliAdmin Remote Control distribution tool is used to manage and install the remote control server across your LAN.

Click Here to download the distribution tool

Using the distribution tool you can lock down settings so users cannot change them, completely block access, or even remove the agent. Below is an index of the manual:

Table of contents

1. Users
2. Connections
3. Status
4. Listen Ports
5. Lock Settings
6. Authentication
7. Computer List
8. Installation
9. Removal
10. Links and other tips

Users

The users section allows you to determine what users can access machines, and what level of access they have:

Users Tab

There are three types of users: Windows, Standard, and VNC. Windows users are specific windows user accounts, or windows security groups. A standard user is a simple username and password pair – it has no relation to a windows user account. A VNC user account is a password that will allow VNC clients such as RealVNC to access the agent – keep in mind that VNC accounts do not provide any encryption.

The order of the accounts is important. The remote control agent will process them from top to bottom. Why should you pay attention to the order? Lets look at an example.

We want to allow all users in a domain to have view only access, and one specific user named "John" to have full access, If we were to add them in this order:

User Order

John would never get his higher level of access. Why? Because the agent will see if he matches the "Users" group – and he does. The agent stops there. To prevent this you need to put John’s account first:

Correct User Order

A good rule of thumb is to put the user accounts first, then groups. If you need to change the position of a user, simply use the "Move Up" and "Move Down" buttons.

Another situation to consider is when you add a standard user, and you have a Windows security group in place. For example, if you added the "Users" group and and you add a standard user named "Steve", what would happen if there were also a user named "Steve" in the "Users" group? It would depend on the order:

User Collision

In the case shown above, the permissions of the "Users" group would take effect. If the "Steve" account were to be moved up, then it would take precedence over the "Users" group.

Try to keep the number of accounts to a minimum – especially Windows accounts. Each additional account requires more processing time, and it will lenghthen the time it takes for the viewer to login to the remote system.

Connections

The connections tab allows you to filter IP address, limit the maximum number of connections, and setup automatic banning for users that connect with a bad password:

Connections

IP address filters are processed from the top down. When the agent finds a match, it stops processing. If we wanted to block a single IP address we could have two rules like this:

Block IP Address

The agent would see if the remote viewer was connecting from 192.160.1.1 – if it was the connection would be terminated.

Make sure you have at least one "Allow" rule, because the agent will not allow a viewer to connect unless it matches at least one rule. This is why the default configuration has an "allow all" rule included.

Filters can also use the * and ? wild card characters. Using the wildcard characters we could allow an entire range of IP addresses but block everything else. In this example we allow anything in the 192.168.1.* network. If the viewer connected from 192.168.1.33, or 192.168.1.27, or any 192.168.1.XXX adderess it would be allowed to connect. Any other address range would be rejected implicitly, because there are no other matching rules:

Allow Range

There are situations where you may want to block IP addresses automatically. The automatic blocking will be enabled for an IP address when a viewer uses an incorrect password. The default the number of bad attempts is three. When an IP address is blocked, it will be blocked for 15 minutes. The blocked address is not added to the main filter list, but is maintained in an internal list that is erased if the service is restarted:

Automatic Blocking

When a viewer is blocked because of an automatic ban, you can see this in the agent’s log.

The maximum number of connections from a specific IP adderess, and the total number of connections can be limited by changing these values:

Max Connections

Status

By default, the remote control service will show a tray icon by the time. When the user clicks on it they will be shown the IP address, and computer name. In addition a button is available to configure the service. The status tab has the options to disable the tray icon all together, or to simply remove the configure button:

Remote Control Status Window

Listen Ports

Generally, the agent will only need to listen on port 2792, but if you plan on using VNC clients to connect to your agents you can easily add another interface for the default VNC port 5900:

Listen Ports

Lock Settings

Any area of settings can be locked down, and the end user will not be able to change them. The settings can be locked by checking the box that says "Prevent users from changing these settings":

Lock Settings

If the user tries to modify them by launching the agent settings application on their computer, the area will be disabled:

Locked Agent

Authentication

The distribution tool will need to use remote registry, and window file sharing to install and change settings. A domain administrator account is needed for this. Enter this information on the "Destination" tab. When the password is saved to the registry it is encrypted using 256 bit AES encryption:

Distribution Authentication

Computer List

This area of the "Destination" tab allows you to create a list of computers. This list can be modified by clicking on the "Add or Remove" button.

Computer List

They can be imported using a CSV text file, selected from a workgroup/domain, or entered manually.

The expected CSV format would look like this:

"Computer1","Main Office"
"Computer2","Main Office"
"Computer3","Back Office"

Installation

Once you have picked all of your settings, and computers you can deploy the agent. To begin the process press the "Deploy to All Computers" button:

Deploy All

As the agent and settings are pushed to the machines, the status window will indicate the current progress. At any time you may cancel the process, and save the current status. When you launch the application again you can resume the install by clicking the "Resume Previous Deployment" button:

Resume Deployment

In addition to resuming computers that were never processed, it will also attempt to install to computers that failed. This is a good way to keep retrying failed machines.

Removal

The deployment tool can also be used to remove the agent. Press the "Remove from all computers" button and it will remove the agent files and settings from all of the computers in the main computer lis. If canceled, or there are failed computers, the process can be resumed by clicking on the "Resume Previous Removal" button

Links and Tips

For the removal, or installation to work firewall, and file sharing settings must be correct on the remote machines. Here are a few links that describe how to do this using group policy, or manually:

Enable file and printer sharing using group policy

Enable file and printer sharing manually for Windows XP

Enable file and printer sharing manually for Windows Vista

If you still have any questions please feel free to send us an email at: support@intelliadmin.com and will be glad to help.

Category Links - Windows Forum - Exchange Forum