The information in this topic applies only to System Center 2012 R2 Configuration Manager.

Remote connection profiles in System Center 2012 Configuration Manager have external dependencies and dependencies in the product.

Dependencies external to Configuration Manager


More Information

Remote Desktop Gateway server

If you want to enable users to connect on the Internet from outside the company domain, you must install and configure a Remote Desktop Gateway server.

If Remote Desktop or Terminal Services settings are managed by another application or Group Policy settings, remote connection profiles might not work correctly. When you deploy remote connection profiles from the Configuration Manager console, its settings are stored in the local policy of the client computer. These settings might override Remote Desktop settings that are configured by another application. Additionally, if you use Group Policy settings to configure Remote Desktop settings, the settings that are specified in the Group Policy settings override the settings that are configured by Configuration Manager.

For more information about how to install and configure a Remote Desktop Gateway server, see the Windows Server documentation.

If client computers run a host-based firewall, it must enable the Mstsc.exe program.

When you configure a remote connection profile, you must enable the Allow Windows Firewall exception for connections on Windows domains and on private networks setting. When this setting is enabled, Configuration Manager automatically configures Windows Firewall to enable the Mstsc.exe program. However, if client computers run a different host-based firewall, you must manually configure this firewall dependency.

Group Policy settings to configure Windows Firewall can override the configuration that you set in Configuration Manager. If you use Group Policy to configure Windows Firewall, ensure that Group Policy settings do not block the Mstsc.exe program.

Configuration Manager Dependencies


More information

Configuration Manager must have a configured connection to Windows Intune by using the Windows Intune Connector site system role.

For more information about connecting Configuration Manager to Windows Intune, see How to Manage Mobile Devices by Using Configuration Manager and Windows Intune.

In order for a user to connect to a work computer on the company network, that computer must be a primary device of the user.

For more information about user device affinity in Configuration Manager, see How to Manage User Device Affinity in Configuration Manager.

Specific security permissions must have been granted to manage remote connection profiles.

You must have the following security permissions to manage remote connection profiles:

  • To view and manage alerts and reports for compliance settings: Create, Delete, Modify, Modify Report, Read, and Run Report for the Alerts object.

  • To manage configuration baseline deployments: Deploy Configuration Items, Modify Client Status Alert, Modify, Read, and Read Resource for the Collection object.

  • To create and manage configuration baselines and configuration items: Create, Delete, Modify, Modify Folder, Modify Report, Move Object, Read, Run Report, and Set Security Scope permission for the Configuration Item object.

  • To run queries that are related to compliance settings: Read permission for the Query object.

  • To view compliance settings information in the Configuration Manager console: Read permission for the Site object.

  • To select software updates to be used in configuration baselines: Read permission for the Software Updates object.

  • To view status messages for compliance settings: Read permission for the Status Messages object.

The Compliance Settings Manager security role includes these permissions that are required to manage remote connection profiles and compliance settings in Configuration Manager. For more information, see the Configure Role-Based Administration section in the Configuring Security for Configuration Manager topic.

See Also