*_Guide for Security Types when Remote Controlling

through the Management Gateway_*

Note 1: To be able to configure the shortcut to work

with isscntr.exe the target line must be configured with the following:

"C:\Program Files\LANDesk\ServerManager\RCViewer\isscntr.exe" -agsb://broker name -s"core server" (the location of

isscntr.exe may vary)

Note 2: NT Security through the

LANDesk Management Gateway only authenticates the users and groups in the Remote

Control Operators group. If that device is outside the AD environment (on the

internet) then AD users will not be able to authenticate (Only local

users).

Remote Control Authentication

When a Remote Control session is attempted (regardless of security type) the

viewer verifies the remote controller’s credentials by checking the user account

that is logged into WINDOWS. It does not matter for Remote

Control authentication purposes what account is logged into the LDMS console.

The account logged into WINDOWS needs to be in the Management

Suite group, and if NT security is being used the WINDOWS

account needs to be in the Remote Control Operators group on the client

system.

Remote Control Scopes

Remote Control scopes only work with Certificate based and Integrated

Security.

The account that is logged into WINDOWS is used

to verify any scope that is being used for Remote Control purposes.

*_Integrated security and Nested AD

groups_*

If Integrated Remote Control security is being used, and Active Directory

(global) groups are being used to populate the LANDesk Management Suite (local)

group, the following must be done or Integrated Remote Control will not

work:

On the core server, open Administrative Tools > Component

Services > Component Services > Computers > My Computer > COM+

Applications > LANDesk. Right click the object and click on

Properties.

Note: The LANDeskComPlus is the default user

specified by the LANDesk COM+ objects. These credentials are used whenever IIS

needs to contact Active Directory, the objects themselves are used when

certificates are created and if possible they attempt to verify credentials

against Active Directory. Since LANDeskComPlus is not a valid AD user, any

attempt by this user to authenticate to Active Directory will result in an

authentication failure.

Specify valid AD credentials in Windows Component Services as follows:

Open the Identity tab and change the "LANDeskComPlus" user to a valid user on

the domain. A valid user is one that has read access to AD. Do the same for the

LANDesk1 COM object as well.