  • 0
Barney

Remote Tools Windows 7 UAC

Question

Hi,

What do you guys use for remote control of desktops?

We are implementing SCCM 2007 and I thought we could use the Remote Tools that come with SCCM to control the clients. The problem is that as soon as the Windows 7 UAC screen pops up requesting administrator credentials, you cannot use Remote Tools to connect to or control the computer anymore.

Has anyone had any experience with this?


  • 0

I wanted to explain my situation and how we resolved this issue, as I had not found anything on the net that resolved it.

Our remote assistance givers were (what appeared to be) being kicked off the machine when a UAC prompt for credentials was presented on the user's desktop.

In fact it was not a disconnection; if you notice, there is a pause symbol in the top left of the remote assistance screen.

Anyway, if the user entered creds and hit Yes, the session resumes; if they click No, the session resumes.

This activity is actually the user's machine prompting for credentials on the Windows Secure Desktop, which is not visible on the remote assistance connection.

You COULD turn this off, as mentioned above, by setting "Switch to secure desktop when prompting elevation" to "Disabled", but this will lower the security of the PC all the time.

This was not suitable in our environment.

After some more discussion with MS, they turned me onto the setting that resolved the problem for us. (This is found in the security policy / local policy.)

"UAC : Allow UIAccess applications to prompt for elevation without using the secure desktop" -> Enabled

Once this was turned on, when remote assistance was given, the credential prompts were coming through the "Interactive Desktop", which was visible on the remote assistance end.

After the tasks were performed and the remote assistance session ended, the machine returned to its secure state, and the same action that prompted for credentials on the Interactive Desktop would now prompt using the secure desktop. (So the security would lower when remote assistance was active, but return to its secure state once finished.)

 

Hope this helps some people out.
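
Added example (not part of the original post): a PowerShell check that reads the registry values behind the two policies named above and reports which of the three configurations discussed in the thread a machine is in. The function names `Get-UacDesktopPosture` and `Get-ValueOrDefault` and the sample objects are constructed for illustration; treating an absent value as the Windows default is an assumption.

```powershell
# Registry key holding the values behind the two UAC policies named in the thread:
#   PromptOnSecureDesktop   = "Switch to the secure desktop when prompting for elevation"
#   EnableUIADesktopToggle  = "Allow UIAccess applications to prompt for elevation
#                              without using the secure desktop"
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Hypothetical helper: read a named property, falling back to a default when absent.
function Get-ValueOrDefault($Object, [string]$Name, [int]$Default) {
    if ($null -ne $Object -and $Object.PSObject.Properties[$Name]) {
        return [int]$Object.$Name
    }
    return $Default
}

# Hypothetical function: classify the secure-desktop posture.
# With no argument it reads the live registry; pass a constructed object to test offline.
function Get-UacDesktopPosture {
    param(
        $Settings = (Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue)
    )
    # Assumption: missing values mean the Windows defaults (secure desktop on, toggle off).
    $secure = Get-ValueOrDefault $Settings 'PromptOnSecureDesktop' 1
    $toggle = Get-ValueOrDefault $Settings 'EnableUIADesktopToggle' 0

    $posture = if ($secure -eq 0) {
        'Secure desktop disabled for every elevation prompt (lower security all the time)'
    } elseif ($toggle -eq 1) {
        'Secure desktop on; UIAccess apps such as Remote Assistance may prompt on the interactive desktop'
    } else {
        'Secure desktop on; a remote helper session pauses while the prompt is shown'
    }

    [pscustomobject]@{
        PromptOnSecureDesktop  = $secure
        EnableUIADesktopToggle = $toggle
        Posture                = $posture
    }
}

# Constructed samples, one per configuration described in the thread.
$samples = @(
    [pscustomobject]@{ PromptOnSecureDesktop = 1; EnableUIADesktopToggle = 0 },
    [pscustomobject]@{ PromptOnSecureDesktop = 0; EnableUIADesktopToggle = 0 },
    [pscustomobject]@{ PromptOnSecureDesktop = 1; EnableUIADesktopToggle = 1 }
)
foreach ($s in $samples) { Get-UacDesktopPosture -Settings $s | Format-List }

# Live check on the local machine.
Get-UacDesktopPosture | Format-List
```

Running the live check across clients shows where the secure desktop has been switched off outright rather than relaxed only for UIAccess applications.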


  • 0

You could open ports 2701-2702 at a domain level on the default domain policy, or create a new SCCM-specific GPO at root level and in here enable your file & print and WMI also (just to be neat)... or if you want to do this on separate GPOs linked to individual OUs you could, but it is more time consuming this way, especially if you have a large AD infrastructure.

RMC Ports.PNG

Link to all ports used by ConfigMgr: http://technet.micro...y/bb632618.aspx

I have set up quite a few sites, both LAN and WAN infrastructures, and I have seen differences between some sites... some of them did not require me to open the above ports, the RMC client configuration was sufficient... but other sites required the above ports opened in order for RMC to be successful. I do not know why this is so... but maybe someone with knowledge of this could share this info with us.
