Skip navigation
This discussion is archived
1735 Views 5 Replies Latest reply: Dec 9, 2011 7:21 AM by zman RSS
tlman12 Rookie 10 posts since
Sep 27, 2011

Has received 1 of 9 achievements.
Currently Being Moderated

Dec 6, 2011 2:53 PM

LANDesk Remote permissions

Is there a way in LANDesk (I didn't see it if there was) to say that certain users require approval from the user to dial into an endsystem and certain users don't?

 

the closest thing i can find is chaning the remote permissions to Windows NT Secuirty/ Localtemplate and then specifying the users that would have view only. this dosn't exactly stop them from dialing into a computer without user consient and it seems like it would be come an admin nitemare

 

Thank you

  • Currently Being Moderated
    1. Dec 6, 2011 3:44 PM (in response to tlman12)
    Re: LANDesk Remote permissions

    Unfortunately that permission is configured in the LANDesk agent and on per machine.  So to get what you want, you will need to create two separate agent one with the "end user must grant permission for remote control session" box checked and one don't.  And deploy the two agents to the target machine.  Then assign  the scope with the prompt for permission to the user that need the approval and vice versa.

  • MarXtar SSMMVPGroup 2,050 posts since
    Jul 2, 2008

    Has received 8 of 9 achievements.
    Currently Being Moderated
    2. Dec 9, 2011 3:22 AM (in response to tlman12)
    Re: LANDesk Remote permissions

    Agree that there isn't really a way to do this. The permission required is often a legal requirement and not linked to an individual as such which is why it is on, off, or permission required if user logged in.

     

    Only those that can modify agent settings are able to change this and that would require new agent settings to be deployed.

     

    I'd suggest you check into this properly. Is this something you want to do or is a manager requesting it? There may be an HR policy that forbids this or even a legal requirement depending on which country you are in. What you are looking to do basically allows some people to spy on employees while others are not allowed. Technically it can't easily be done, but always worth knowing if you should even allow it if you can create a workaround.

     

    Mark McGinn

    MarXtar Ltd

    http://landesk.marxtar.co.uk

    LANDesk Silver ESP

     

    The One-Stop Shop for LANDesk Enhancements

    - Wake-On-WAN - Distributed Wake-On-LAN, Scheduled Power Down, and SWDist Sequencing

  • zman Master 3,277 posts since
    Dec 14, 2007

    Has received 9 of 9 achievements.
    Currently Being Moderated
    3. Dec 9, 2011 4:39 AM (in response to tlman12)
    Re: LANDesk Remote permissions

    As Billy and Mark have indicated this is not the design. The issue is that the setting for this is in the registry and in the HKLM (machine part).  If there was a sister setting in HKU then it would be easy to manipulate through a custom AD GPO, etc... So I would go with the highest level of security for everyone (permission required).  To be honest this is not such a bad thing since it helps the acceptance level of RC from the user. Gives them a sense of big brother not snooping on them. There is also a setting to only require permission when somebody is logged on.

  • zman Master 3,277 posts since
    Dec 14, 2007

    Has received 9 of 9 achievements.
    Currently Being Moderated
    5. Dec 9, 2011 7:21 AM (in response to tlman12)
    Re: LANDesk Remote permissions

    There is a way to turn off ask for permissions and restat the landesk remote control via a script. Run another script or custom vulnerability to turn it back on.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 20 points
  • Helpful Answers - 10 points
LANDESK Community powered by Jive SBS® 4.5.7.1  |  Legal Notices  |  Privacy Policy  |  Icon 

TweeterOn Twitter  |  Icon FacebookOn Facebook © 2007 LANDESK Software