Is there a way in LANDesk (I didn't see it if there was) to say that certain users require approval from the user to dial into an endsystem and certain users don't?
the closest thing i can find is chaning the remote permissions to Windows NT Secuirty/ Localtemplate and then specifying the users that would have view only. this dosn't exactly stop them from dialing into a computer without user consient and it seems like it would be come an admin nitemare
Unfortunately that permission is configured in the LANDesk agent and on per machine. So to get what you want, you will need to create two separate agent one with the "end user must grant permission for remote control session" box checked and one don't. And deploy the two agents to the target machine. Then assign the scope with the prompt for permission to the user that need the approval and vice versa.
Agree that there isn't really a way to do this. The permission required is often a legal requirement and not linked to an individual as such which is why it is on, off, or permission required if user logged in.
Only those that can modify agent settings are able to change this and that would require new agent settings to be deployed.
I'd suggest you check into this properly. Is this something you want to do or is a manager requesting it? There may be an HR policy that forbids this or even a legal requirement depending on which country you are in. What you are looking to do basically allows some people to spy on employees while others are not allowed. Technically it can't easily be done, but always worth knowing if you should even allow it if you can create a workaround.
LANDesk Silver ESP
The One-Stop Shop for LANDesk Enhancements
As Billy and Mark have indicated this is not the design. The issue is that the setting for this is in the registry and in the HKLM (machine part). If there was a sister setting in HKU then it would be easy to manipulate through a custom AD GPO, etc... So I would go with the highest level of security for everyone (permission required). To be honest this is not such a bad thing since it helps the acceptance level of RC from the user. Gives them a sense of big brother not snooping on them. There is also a setting to only require permission when somebody is logged on.
Hey, thank you for the replys.
this is something being requested by my manager. the situation is we have 4 technicions that are constantly in and out of computers and to have it be approved by the user everytime is going to really put damper on it. a lot of the time an user requests work to be done thorugh an e-mail and supplies us with the IP address and when we get to it we will dial in. most of us are in 2-4 comupters at once and are on the phone as well. (under staffed) but to have to call every user and make sure their their to accept our dial in request would be a pain. (they all know and expect "big brother" is watching them)
on the other side we have a programming staff of about 6 that occasionally remote into a computer, with the user ont the phone) to attempt to troubleshoot an issue with their application, but my manager dosn't want them to have the ability to just jump inot any computer on a whim.
so both departments need access to all computers but only one would be feasable to have the restriction.
I personally don't think that this is going to make any difference but its one of those things like the saying "Locks are only for honest people". I know and i ahve brought up the point that there are free programs out there that allow you to remote into any computer and they don't even needd the agent installed to begin with (dameware being one)
if it's not a planned feature then i'm just going to take that to my manager and say that it can't be done.
thanks again for the your help.