 Note |
|---|
| The information in this topic applies only to System Center 2012 R2 Configuration Manager. |
Use remote connection profiles in System Center 2012 Configuration Manager to allow your users to remotely connect to work computers when they are not connected to the domain or if their personal computers are connected over the Internet.
Remote connection profiles let you deploy Remote Desktop Connection settings to users in your Configuration Manager hierarchy. Users can then use the company portal to access any of their primary work computers through Remote Desktop by using the Remote Desktop Connection settings provided by the company portal.
Windows Intune is required if you want users to connect to their work PCs by using the company portal. If you are not using Windows Intune, users can still use the information from the remote connection profile to connect to their work PCs by using Remote Desktop over a VPN connection.
 Important |
|---|
| When you specify remote connection profile settings by using the Configuration Manager console, the settings are stored in the local policy of the client computer. These settings might override Remote Desktop settings configured by another application. Additionally, if you use Windows Group Policy to configure Remote Desktop settings, the settings specified in the Group Policy will override those configured by using Configuration Manager. |
Workflow for Using Remote Connection
Profiles
The following table shows a high-level overview of the steps required to implement and use remote connection profiles in your organization.
| Step | Description |
|---|---|
|
The Configuration Manager administrative user makes sure that the necessary prerequisites are in place to use remote connection profiles. |
See the topic Prerequisites for Remote Connection Profiles in Configuration Manager. |
|
The Configuration Manager administrative user creates a remote connection profile that contains details about the Remote Desktop Gateway server and connection settings that will be used to connect to work computers. |
See the topic How to Create Remote Connection Profiles in Configuration Manager. |
|
The Configuration Manager administrative user deploys the remote connection profile to the devices that will be enabled for remote connections. |
See the topic How to Deploy Remote Connection Profiles in Configuration Manager. |
|
The users can connect to their primary devices after they are published in the Windows Intune Self Service Portal. |
No additional information. |
When you install System Center 2012 R2 Configuration Manager, a new security group, Remote PC Connect, is created. This group is populated when you deploy a remote connection profile that includes the primary users of the computer to which you deploy the profile. Although a local administrator can add user names to this group, these users will be removed from the group when deployed remote connection profiles are next evaluated for compliance.
If you manually add a user to this group, the user can initiate remote connections, but the connection information will not be published in the company portal.
If you manually remove from the group a user that has been added by Configuration Manager, Configuration Manager will automatically remediate this change by adding the user back when the remote connection profile is next evaluated for compliance.
| Important |
|---|
| If the user device affinity relationship between a user and a device changes (for example, the computer a user connects to, stops being a primary device of the user, Configuration Manager disables the remote connection profile and Windows Firewall settings to prevent connections to the computer. |