• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 634
  • Last Modified:

Remote Assistance & Administrator Rights & SMS2003

In my organization we are defining the security rights and we need groups which could connect to computers using remote assistance or remote tools in SMS 2003 without being an administrator in the target pc.
We have tried different configurations, using the group “Offer Remote Assistance Helpers” and nothing happened, it’s still asking for an account with administrator rights in the case of “Remote Tools” or giving an access error in the case of “Remote Assistance”.
Our environment consists in a Windows 2003 Active Directory and SMS 2003 as our patching and distribution utility.
Please let me know if you need any other relevant information to find the right answer.
Thank you in advance!
0
aysa_servicios
Asked:
aysa_servicios
  • 8
  • 7
2 Solutions
 
merowingerCommented:
You can use the sMS 2003 Remote Tools feature to connect to your clients.
For this you have to enable Remote Tools on the SMS 2003 Clients.

SMS 2003 -> Site Settings -> Client Agents -> "Remote Tools Client
Agent" -> properties -> Enable

On the security-tab you can add permitted viewers e.g. an Active Directory Group which you've created.
0
 
aysa_serviciosAuthor Commented:
That’s exactly what we have done but it doesn’t work if the users aren’t in the administrator group in the target PC.
0
 
merowingerCommented:
Do does users or group have "use remote tools" rights on the colellections (e.g. all systems"?
http://technet.microsoft.com/en-us/library/bb694296.aspx
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
aysa_serviciosAuthor Commented:
Yes they have, indeed my account is the SMS administrator with full access rights and if I am not added in the administrator group of the target pc it fails.
0
 
aysa_serviciosAuthor Commented:
We all also have the correct configuration in AD remote control settings.
SMS.JPG
0
 
merowingerCommented:
0
 
aysa_serviciosAuthor Commented:
I have already checked those articles.
0
 
merowingerCommented:
0
 
aysa_serviciosAuthor Commented:
I have already checked that article.

Could this kb http://support.microsoft.com/kb/308013 apply to SMS 2003 too? If this is correct there isn´t a way to connect without being a local administrator in the target pc.

Hope not.
0
 
merowingerCommented:
no i dont think so. on each article i found there was a note that no local admin permissons are required
0
 
aysa_serviciosAuthor Commented:
Could you tell me please where I could find that note?

Thank you in advance!
0
 
merowingerCommented:
"Local administrator rights are not required for a user to be able to use Remote Tools. If the collection and Permitted Viewers list security is met, the Remote Tools user can use Remote Tools on the client."
http://technet.microsoft.com/en-us/library/cc181468.aspx
0
 
aysa_serviciosAuthor Commented:
Merowinger,
Thanks for your help, but I still can't connect to my clients.
I've done everything documentation says, permitted viewers, collection and remote tools security.
The domain user that I used for these tests cannot connect to the clients when I try to offer remote assistance through SMS 2003, it only works when I designate that domain user as local administrator for a particular client.
Is there anything else I’m missing? GPOs? Something in AD or a remote registry?
Sorry to bother, but this is a critical issue for me and my company.
0
 
merowingerCommented:
You can run a RSOP.msc on the remote client to check all GPO's which are applied
0
 
aysa_serviciosAuthor Commented:
Anything’s work I’m planning to migrate to SCCM 2007. Thanks for your collaboration.
0

Featured Post

2018 Annual Membership Survey

Here at Experts Exchange, we strive to give members the best experience. Help us improve the site by taking this survey today! (Bonus: Be entered to win a great tech prize for participating!)

  • 8
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now