• Status: Solved
  • Priority: Medium
  • Security: Public

Remote Desktop - Protection Policy

I currently work in a school and have come across a situation where I need some help.

Currently we have a few separate schools at which we're required to do administration; this means long walks (currently it's snowing in the UK!) and using the Remote Desktop tool is a life saver. However, being a school, any technician is simply able to view what a staff or, more importantly, student is looking at, and this surely falls under some legislation.

My question is can I provide different levels of privileges (for remote control software) to a Network Manager and IT Technicians where the NM rank is able to view anything and everything without being 'noticed' and where technicians must be 'accepted' by the user.

If this solution exists in a Windows 2003 server environment that would be great, if not we would have to consider other options.

Thanks in advance!
Asked:
Gumm
 
Cláudio Rodrigues Commented:
This is possible only if you have two NICs on the Terminal Server. The reason for that is the option that controls that is tied to the RDP-tcp listener (launch TSCC.MSC on the TS and double-click RDP-tcp. The 'Remote Control' tab shows that). So you would need a second listener bound to a second NIC. That resolves the issue of having a way to set this differently on a per listener basis but does not give you a mechanism to allow certain groups to remote control with a warning and some without it.
So resuming: if you want to filter this by group, no, this is not possible.

Cláudio Rodrigues
Citrix CTP
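
An added example (not part of the original answer, and not code from any product named in this thread): a PowerShell audit of the per-listener Remote Control setting that the answer above locates in TSCC.MSC. It assumes PowerShell is installed on the machine being checked and that the setting is stored in the `Shadow` registry value, either under each listener key or, when set by Group Policy, under the Terminal Services policy key; `Get-DwordValue` is a helper name introduced here.

```powershell
# Added example: report the Remote Control (shadowing) mode of each RDP listener.
# The registry locations are the assumptions named in the lead-in.
$ShadowModes = @{
    0 = 'Remote control disabled'
    1 = 'Full control, user must accept'
    2 = 'Full control, no prompt'
    3 = 'View only, user must accept'
    4 = 'View only, no prompt'
}
$PolicyKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ListenerRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations'

# Hypothetical helper: return a DWORD value as an int, or $null if it is absent.
function Get-DwordValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { [int]($item.$Name) } else { $null }
}

# A Group Policy value, when present, overrides what TSCC.MSC shows per listener.
$policyShadow = Get-DwordValue $PolicyKey 'Shadow'

Get-ChildItem -Path $ListenerRoot | ForEach-Object {
    $listenerShadow = Get-DwordValue $_.PSPath 'Shadow'
    $inheritUser    = Get-DwordValue $_.PSPath 'fInheritShadow'

    if ($null -ne $policyShadow) { $source = 'Group Policy';      $value = $policyShadow }
    elseif ($inheritUser -eq 1)  { $source = 'Per-user settings'; $value = $null }
    else                         { $source = 'Listener';          $value = $listenerShadow }

    $mode = if ($null -eq $value) { 'Not set here' } else { $ShadowModes[$value] }

    New-Object PSObject -Property @{
        Listener     = $_.PSChildName
        Source       = $source
        Mode         = $mode
        # True when a session can be viewed or controlled without the user accepting.
        SilentAccess = ($value -eq 2 -or $value -eq 4)
    }
} | Format-Table Listener, Source, Mode, SilentAccess -AutoSize
```

Rows with `SilentAccess` set to `True` are the listeners where the user is not asked before a session is viewed or controlled; rows reporting `Per-user settings` need the Remote control tab of each user account checked instead.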
 
beester Commented:
A lot of the school customers where I worked earlier swore to this software suite for those kinds of operations:

http://www.netop.com/

Check it out if it would cover your needs.
 
Gumm (Author) Commented:
I am afraid NetOp is too expensive.
tsmvp - I am not sure what you mean by Terminal Server, by this do you mean the location from which I am trying to make a connection? We do not have a single machine that we attempt to connect to all remote clients, we generally all use our own machines in our office. I am afraid your explanation was unclear.
 
Gumm (Author) Commented:
Apologies I am still quite new to the RDP world.
 
Qlemo (C++ Developer) Commented:
I'm not getting all you are asking for. If you use the RDP feature on client OS, you cannot view the session of users, as you take over that session (the user is locked out). In Terminal Server sessions, you will be able to do surveillance (watch while they act), but need the user's password. For performing remote assistance there is an own feature called the same, but it is cumbersome.
 
beester Commented:
You could also check into PcAnywhere, of course. http://www.symantec.com/norton/symantec-pcanywhere

Dunno about pricing, but I think that would cover your needs.
 
Gumm (Author) Commented:
Qlemo you are getting closer to what I am needing.
What you are basically saying, is that normal technicians could use Remote Desktop to control computers and do administrative tasks to prevent them from looking at a student's desktop whilst a network manager that is allowed to look at a student's desktop (to see if they are currently up to no good) before taking control.
Am I getting the right idea here?
 
Gumm (Author) Commented:
The difference is that normal Technicians are not allowed to watch children while they are working by law, whereas the Network Manager is allowed. To access a computer whilst a child is working on it, the technician must request authorisation by the child/student before being able to view their material.
It's all part of protecting the children. Only the Network Manager doesn't need to ask permission. Hope that clears things up.
 
beester Commented:
PCAnywhere has different permissions which can be set differently on each user.
 
Qlemo (C++ Developer) Commented:
So do other similar software packages. pcAnywhere (and many others) are licensed per seat, that is the target computer. There are products like DameWare, which are licensed by admin seats - 5 admins/techs can control hundreds of PCs, but need 5 licenses only. And any non-admin can be allowed to see silently, while a non-admin always needs confirmation for each session.

You can mix up solutions: RDP for the techs - with Fast User Switching, they can get on their own desktop, but will lock out any student at that moment.
For viewing the session, you just use any tool like VNC (several free distributions, some commercial ones), DameWare (to be licensed), pcAnywhere/RAdmin/NetOp/... (to be installed on each client). The user and password needed (if different from OS admin user) has to be held secure then.
 
Keith Alabaster Commented:
Dameware Utilities is cracking - and I use it religiously. The remote control function is only one aspect of the suite.
www.dameware.com