Also remember, If you are running a host-based firewall on your clients you may need to open it up to allow ports 2701, 2702, 3389 and 135. And if your technicians are remoting from the client computers, you will need to open the ports peer-to-peer, instead of from the server to the clients like most rules in client firewalls. All our technicians are on a certain subnet, so we were able to just allow this one subnet access to those ports on all clients and servers in the org.
https://technet.microsoft.com/en-us/library/bb632618.aspx Was it back in SCCM 2007 that you could only use Remote Control when a user was logged in and you had to use Remote Desktop when they were logged off? Either way, it looks like Remote Control in 2012 supports remoting in even if the user is logged off, so that's a good thing. My memory is hazy because we abandoned SCCM's Remote Control for Dameware years upon years ago. Dameware is a lot better, but it's not "free". On Thu, Mar 26, 2015 at 4:32 PM, Heaton, Joseph@Wildlife < [email protected]> wrote: > That is EXACTLY what I'm looking for. Thanks so much for that! > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Gailfus, Nick > *Sent:* Thursday, March 26, 2015 1:22 PM > *To:* [email protected] > *Subject:* Re: [mssms] RE: Cfg Mgr Remote Control tool > > > > Here it is in SCCM 2012. If you need users to only be able to remote > control specific machines I would build a different remote tools policy for > each group of users and deploy it to collections of machines they are > allowed remote control to. > > > > [image: Inline image 1] > > > Nick Gailfus > Computer Technician > p. 602.953.2933 f. 602.953.0831 > [email protected] <[email protected]>| www.leonagroup.com > > > > On Thu, Mar 26, 2015 at 1:14 PM, Jason Sandys <[email protected]> wrote: > > The local windows Remote Desktop Users group has nothing to do with Remote > Control in ConfigMgr - that's used for Remote Desktop, two different > things. The user must be a member of a group specified in Client Settings > for Remote Control or a local admin on the target system. > > > > J > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Heaton, Joseph@Wildlife > *Sent:* Thursday, March 26, 2015 3:06 PM > *To:* [email protected] > *Subject:* [mssms] Cfg Mgr Remote Control tool > > > > I'm getting more requests to allow folks that are in charge of specific > applications to be able to remote in to end users' PCs to "shadow" them, > and help troubleshoot issues. Historically, we would add those folks to > the group that has local admin rights on PCs in the organization, and they > were then able to do this. I'd really like to move away from that. In > testing, I added my test user to the Builtin\Remote Desktop Users group, > thinking that would give them the permissions needed, then add them to the > Remote Tools Operators group in SCCM. I'm not having success with this. > What rights does someone need, to be able to use the Remote Control tool > through SCCM? > > > > Thanks, > > > > Joe Heaton > > Enterprise Server Support > > Information Technology Operations Branch > > Data and Technology Division > > CA Department of Fish and Wildlife > > 1700 9th Street, 3rd Floor > > Sacramento, CA 95811 > > Desk: (916) 323-1284 > > > > > > > > > > > >
