On the Remote Tools Client Agent Properties Security tab, a list of permitted viewers is displayed. Permitted viewers are those users and user groups that are allowed to access Windows NT clients remotely. From this tab, you can add and delete members form the permitted viewers list. Although membership in the Permitted viewers list is a good method to secure Windows NT workstations and servers, MMC-based security covers Remote Tools security for all discovered client workstations based on collection. It is not enough to configure Permitted viewers list security for someone to use Remote Tools on Windows NT clients; you must also create a security right to use Remote Tools on specific collections and assign that right to a user or user group.
For non-Windows NT clients, creating security rights on collections is the primary method of controlling who can use Remote Tools.
For Windows NT Workstation 3.51, 4.0, and 5.0 clients, all requests for remote control access are automatically logged to the Windows NT security log on the client.
By default, if the user account you are using to access a client is not a member of that client's local Administrators group, you are prompted for an appropriate user name and password.
Note Clients can be included in more than one SMS site. When this happens, clients might have conflicting site settings. For example, assume a client belongs to two sites. In one site, the SMS administrator has allowed Remote Control. In the other site, Remote Control is denied. The client will evaluate the conflicting security permissions and apply the more restrictive of the two security settings. In this example, the client will deny Remote Control functionality to any SMS administrators attempting to remotely control the client.
Related Topics
