Configuring a Client for Remote Control

 < Day Day Up > 



SMS Remote Tools enables you to deliver help desk support from the SMS administrator's desktop to all supported SMS 2003 clients. As with other SMS components, you begin by configuring the client agent component through the SMS Administrator Console. Keep in mind that, like other client agent settings, the Remote Tools Client Agent settings are configured and effective on a site-wide basis.

If you enable Remote Tools for a site, the Remote Tools Client Agent is enabled and installed on all SMS clients that belong to that SMS site-with no exceptions. If you require users to give permission for an administrator to initiate a Remote Tools session, permission will be required on all SMS clients that belong to that site. This is the nature of all SMS client agents.

Let's begin our discussion of configuration by looking at the client system requirements, including network connection considerations. Then we'll look at the configuration of the Remote Tools Client Agent and the remote options.

Client System Requirements

Clients must meet the following general requirements to use Remote Tools for monitoring and control:

  • The client must be installed as an SMS client. This will allow the client to receive and run the Remote Tools Client Agent.

  • The Remote Tools Client Agent must be installed and started on the client computer. Each client platform uses different agents, services, or utilities to support remote functions.

  • Access to the client must be allowed. The level of remote access to the client must be defined, including who has the ability to initiate a session.

  • The SMS Administrator Console computer and the client must use a common protocol, and that protocol is generally TCP/IP; 32-bit Windows clients also allow Windows Sockets over TCP/IP.

    Note 

    SMS can remotely monitor and control clients that are connected to the network locally or through a WAN. SMS can also perform remote functions when an SMS administrator connects to the client's network using RAS through a minimum 28.8-Kbps connection; however, performance degrades significantly for connections lower than 56 Kbps.

If your clients meet these requirements, you can proceed with enabling and configuring the Remote Tools Client Agent, as we'll see in the next section.

Configuring the Remote Tools Client Agent

The Remote Tools Client Agent is the only component that needs to be configured to enable remote control functionality for your site. To verify that you have installed this agent when you installed your site server, check the list of client agents in the Client Agents node under Site Settings in the SMS Administrator Console, as shown in Figure 10.1. If you don't see the Remote Tools Client Agent listed there, rerun the SMS Setup application from the SMS 2003 CD to add the component to your site server. (Refer to Chapter 2, 'Primary Site Installation,' for more information about the installation process.)

click to expand
Figure 10.1: A list of client agents installed on the site server.

Note 

If you install SMS using the Express Setup option, Remote Tools will be installed and enabled automatically. If you choose the Custom Setup option, you must choose the Remote Tools option; Custom installation doesn't enable Remote Tools by default.

Once the Remote Tools component has been installed, we must specify what remote features we want to enable for the clients in our site and how the Remote Tools sessions should be established. To enable and configure the Remote Tools Client Agent, follow these steps:

  1. In the SMS Administrator Console, navigate to the Site Settings folder and expand it, and then select the Client Agents folder to display the list of client agents (shown previously in Figure 10.1).

  2. Right-click Remote Tools Client Agent and choose Properties from the context menu to display the Remote Tools Client Agent Properties dialog box, shown in Figure 10.2.

    click to expand
    Figure 10.2: The Remote Tools Client Agent Properties dialog box.

  3. In the General tab, select the Enable Remote Tools On Clients check box.

  4. In SMS 2003, you now have the ability to 'lock' your configuration of Remote Tools so that users can't arbitrarily change your settings. If you want to enable this feature, select the Users Cannot Change Policy Or Notification Settings For SMS Remote Tools check box.

    If the client computers are running Windows XP or Windows Server 2003 or higher, a remote assistance tool is already included as part of the operating system. SMS 2003 can leverage this built-in tool for its Advanced Clients without installing the SMS Remote Tools component. In fact, it's recommended that you don't install SMS Remote Tools on such clients. Therefore, if you support client computers running Windows XP or Windows Server 2003 or higher, and if it isn't already selected, select the option Do Not Install Remote Control Components For Advanced Clients Running Windows XP, Windows Server 2003, Or Later.

    The last two Remote Assistance options in this tab let you decide whether you want SMS to manage or override, or both, Remote Assistance settings on the client computers. Select these options as appropriate for your environment.

  5. Select the Security tab, shown in Figure 10.3. Here you create the Permitted Viewers list. This list defines which users or user groups are allowed to perform remote functions on Windows clients. Before a Remote Tools session can be established on a Windows client, the client agent will evaluate this list to determine whether the administrator initiating the session is a valid member.

    click to expand
    Figure 10.3: The Security tab of the Remote Tools Client Agent Properties dialog box.

  6. To add users or user groups to this list, click the New button (the yellow star) to display the New Viewer dialog box and enter the name of the Windows user or security group. Although it's recommended that you manage this list using security groups, you can use user accounts when necessary.

    Note 

    In order to run Remote Tools on a client computer, the SMS administrator must either be a local Administrator on the client computer or appear in the permitted viewers list explicitly or as a member of a group.

  7. Select the Policy tab, shown in Figure 10.4. This tab contains settings that define the scope of remote access and the permission level.

    click to expand
    Figure 10.4: The Remote Tools Client Agent Properties dialog box Policy tab.

    Three levels of access are available:

    • Full-Allows all remote functions and diagnostics to be run

    • Limited-Selects individual functions

    • None-Prohibits remote control

  8. If you choose Limited, click the Settings button to display the Default Limited SMS Remote Tools Settings dialog box, shown in Figure 10.5, which contains a list of remote functions to enable or disable.

    click to expand
    Figure 10.5: The Default Limited SMS Remote Tools Settings dialog box.

    As you can see, all these options are enabled by default. Each of the options you select here generates a different level of network traffic, and the first option probably generates the most traffic. Click OK to return to the Policy tab.

  9. You can indicate whether you want the user to give permission for the Remote Tools session to be initiated. If you select Display A Message To Ask For Permission, the user will have to respond Yes or No in a pop-up message box before the session can begin. This option might be required in organizations that must comply with C2-level security guidelines. Notice that you can restrict this functionality to Windows 98 clients.

  10. In the Policy tab, in the Remote Assistance frame, you can choose to allow full control, remote viewing, or no control for client computers that support Remote Assistance.

  11. Select the Notification tab, shown in Figure 10.6. In this tab, you specify how the client will be notified that a Remote Tools session has been established.

    click to expand
    Figure 10.6: The Remote Tools Client Agent Properties dialog box Notification tab.

    By default, both a visual and an audible indicator will be enabled on the client. The visual indicator can be either a taskbar status icon (the Show Status Icon On Taskbar option) or a high-security icon (the Show Indicator On Desktop option) that appears in the top-right corner of the user's desktop and can't be hidden. You can optionally have the indicators display when no Remote Tools session is active. Audible indicator choices include playing a sound when the session begins and ends or repeatedly throughout the session (the default).

    Note 

    The settings in the Notification tab apply only to SMS Remote Tools and not to Remote Assistance.

  12. Select the Advanced tab, shown in Figure 10.7. This tab allows you to specify several advanced feature settings that affect the performance of remote functions.

    click to expand
    Figure 10.7: The Remote Tools Client Agent Properties dialog box Advanced tab.

  13. Remote Tools uses low-compression and high-compression methods to control the demands on network bandwidth generated during Remote Tools sessions. Using the Default Compression For Remote Control option, you can select either method for all clients to follow or you can allow SMS to select the optimal compression method on a per-client basis. By default, the agent will negotiate for the most appropriate compression method based on the client's processor speed.

    If you select Low (RLE), SMS uses the Run Length Encoding (RLE) compression method. You should typically use this setting for clients running Windows NT 4.0 or Legacy Clients with CPUs that are slower than a 150-MHz Pentium processor. This method works well on slower CPUs because of the lower demand on CPU cycles. It can also help resolve video transfer problems that might arise from hardware incompatibilities on the client.

    If you select High (LZ), SMS uses the Lempel-Ziv (LZ) compression method. This is a math-intensive compression algorithm, and therefore it requires more intensive CPU processing. This method of compression should be configured for clients running Windows 2000 or higher. This setting minimizes network utilization; however, it might also impact client performance during the Remote Tools session.

    By default, SMS 2003 clients will use TCP/IP; you can't change this value for SMS 2003 sites.

  14. For your Windows clients, you can optionally enable the Install Accelerated Screen Transfer On Windows-Based Clients option. If any client computers are running Windows NT, they'll install video acceleration only if they use one of the drivers that appears in the Compatible Video Drivers list, a list of drivers that have been tested by Microsoft and that can run with the screen transfer 'wrapper' Idisntkm.dll that SMS installs on the client when this option is enabled. The wrapper is a piece of program code that helps to speed up the screen transfer during a Remote Tools session.

    Caution 

    You can add drivers to this list by clicking the New button. However, the screen transfer software works only with the video drivers listed and any other drivers compatible with those listed. If you add a driver to the list, be sure to test and ensure that the Remote Tools session works properly.

  15. Click OK to begin the site update process.

As usual, the Remote Tools Client Agent will be installed on SMS Legacy Clients, and enabled on SMS Advanced Clients, during the next update cycle on the client or when the client forces an update through the Systems Management program in the Control Panel. At this point, an SMS administrator will be able to initiate a Remote Tools session according to the options you configured for the agent.

Caution 

If you make changes to any of the options in the Advanced tab of the Remote Tools Client Agent Properties dialog box after the Remote Control Client Agent has been installed on the clients, the clients won't receive the new settings. In this case you could uninstall the agent by disabling it at the site server, updating the clients, and then reenabling the agent so that the clients can get the new settings.

Remote Tools Client Agent Installation Process Flow

Like the other client agents, Remote Tools is installed but not enabled on Advanced Client computers. When you enable Remote Tools in the SMS Administrator Console, an Advanced Client policy is generated and applied to the client at the client's next policy update interval (once an hour by default). However, the update process is a bit more involved for Legacy Clients.

The Legacy Client executes Remctrl.exe to install the Remote Tools Client Agent and its support files, including Remote Control support (Wuser32.exe), File Transfer Slave Agent (Wslave32.exe), and Remote Chat (Wchat32.exe). All in all, about 1.8 MB of disk space will be required on the client, and a corresponding amount of network traffic will be generated.

On Windows NT 4.0 and Windows 2000 clients, Wuser32 is installed as a service, the appropriate registry keys are created and updated, and the agent is started. Additionally, two other services are loaded to support virtual keyboard and mouse devices-KBStuff.sys and RCHelp.sys. On Windows 98 clients, Wuser32 is installed as a client service, the appropriate registry keys are created and updated, and the agent is started.

The Remote Control application on Legacy Clients contains two programs, Hardware Munger and Security Munger. A munger basically reconciles configuration settings relating to network interface cards (NICs) and protocols on the client with settings from multiple sites that the client might belong to. The Hardware Munger runs once at installation or when a Repair Installation procedure is run through the Systems Management program in Control Panel. The Hardware Munger manages all hardware settings for the Legacy Client and implements the sitewide settings that you configured for the Remote Tools Agent. It also determines the compression type and video acceleration for Windows NT 4.0 clients and higher.

The Security Munger runs whenever a change is made to the SMS-related registry keys on the client. It updates the Remote Tools Client Agent settings on the client and determines whether the user attempting a remote session has the appropriate level of permissions-that is, if a local administrator appears in the Permitted Viewers list.

Tip 

For more information about mungers and other processes related to Remote Tools, refer to Chapter 9 of the Microsoft Systems Management Server 2003 Operations Guide, available for viewing and download through Microsoft TechNet, and available as a print book from Microsoft's SMS Web site (http://www.microsoft.com/smserver) as well.

Each step in the installation process is recorded on the Legacy Client in the %Windir%\MS\SMS\Clicomp\RemCtrl\Install.log file, and remote control activity is recorded in the %Windir%\MS\SMS\Logs\Remctrl.log, as shown in Figures 10-8 and 10-9. Notice in Figure 10.9 the notation regarding the initialization of the Hardware Munger (Rchwcfg.exe) process. Remote control activity on the Advanced Client is recorded in the %systemroot%\system32\ ccm\logs\Remctrl.log file, an example of which is shown in Figure 10.9.

click to expand
Figure 10.8: Sample Remctrl.log file.

click to expand
Figure 10.9: Sample Remctrl.log file from the Advanced Client.

Setting Remote Options at the Client System

If the SMS administrator doesn't enable the option Clients Cannot Change Policy Or Notification Settings in the General tab of the Remote Tools Client Agent Properties dialog box, the user at the client computer will be able to choose some site settings for the Remote Tools session. For example, the user can specify which remote functions to enable, whether permission for the Remote Tools session must be granted first, and how the Remote Tools session will be announced on the client system. The user can modify the remote control options on the client from the Remote Control program in Control Panel, which is added when the Remote Tools Client Agent is installed, as shown in Figure 10.10. The client's remote control settings will take precedence over the site's default settings. You'll have to determine whether allowing the user such latitude is practical or desirable.

click to expand
Figure 10.10: The Remote Control program added to the client's Control Panel.

To configure the Remote Tools options on a client, follow these steps:

  1. From the client's Control Panel, double-click the Remote Control program to display the Remote Control Properties dialog box, shown in Figure 10.11.

    click to expand
    Figure 10.11: The Remote Control Properties dialog box.

    The settings in the General and Notification tabs will reflect those configured in the SMS Administrator Console.

  2. To make a change, clear the Use Administrator Settings check box at the bottom of either tab and configure the policy and notification settings as described in the previous section.

  3. Click the Show Status button in the General tab to display the Remote Control Status dialog box, shown in Figure 10.12, which contains connection information regarding the agent. This information will include the client's IP address and name, the level of compression and acceleration used, and whether a session is currently active. From this screen the user can also click Close Session to terminate the session.

    click to expand
    Figure 10.12: The Remote Control Status dialog box.

    If the Show Indicator On Desktop visual indicator notification is enabled, users can display the same screen by double-clicking the face of the indicator.

  4. Click OK to save your settings.

When the Remote Tools Client Agent has been correctly configured and installed on your SMS clients, you should be able to establish remote control sessions. However, one of the client requirements mentioned earlier was that the client and the SMS Administrator Console computer both use the same protocol. This requirement isn't always as clear-cut as we might think, as we'll see in the next section.



 < Day Day Up > 



Microsoft Systems Management Server 2003 Administrator's Companion
Microsoft Systems Management Server 2003 Administrators Companion (Pro-Administrators Companion)
ISBN: 0735618887
EAN: 2147483647
Year: 2006
Pages: 178

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net