How to configure Remote tools settings in a profile

Release Time
05/15/2020
Views
1343 times


Click ‘Configuration Templates’ > ‘Profiles’ > open a Windows profile > Click ‘Add Profile Section’ > ‘Remote Tools’

  • The remote tools feature lets you access files/folders,  processes and services running on any managed Windows device.

  • Once connected, you can view the remote items in the Endpoint Manager console itself. You can navigate the remote file system, copy files to your local machine, and view/terminate running processes or services.
     
  • You can also open the command line interface and run power shell scripts on the remote device through the remote tools feature.
     
  • You can access the feature from the 'Device List' interface:
     
    • Click 'Devices' > 'Device List'
       
    • Select a Windows device from the list
       
    • Click the 'Remote Tools' button in the menu above the table.
       
    • Select 'File Explorer' 'Process Explorer', 'Service Explorer' or 'Commands Interface' to initiate a connection to the device. See this wiki for help to remotely access files/folders, processes and services and run command prompt commands/powershell scripts on a remote device
       
  • You can configure options for the remote tool feature in a profile section applied to a Windows device. You can select whether or not remote access is allowed, whether or not you want to request end-user permission, what messaging is shown to the end-user and more.
     
  • This tutorial explains how to configure the remote tools section of a profile. Note – remote tools are supported only on Windows devices with client version 6.25 or higher.

Add a 'Remote Tools' section to a profile

  • Login to Comodo One/ Dragon
     
  • Click 'Applications' > 'Endpoint Manager'
     
  • Click 'Configuration Templates'  > 'Profiles'
     
    • Click the 'Add Profile Section' button > 'Remote Tools'

      OR
       
    • Click the 'Remote Tools' tab if the section has already been added


 

  • The remote tools section lets you configure whether connections are allowed, how the connection is handled, and what information is shown to the end-user:





Remote Tool Options

  • File Explorer – Enable or disable the ability to manage files on remote endpoints. If disabled, admins will not be able to access files on endpoints which use the profile.
     
  • Perform actions: create, delete, rename - Enable or disable the ability to create/rename/delete files on the remote system.
     
  • File/Folder Transfer – Enable or disable the ability to copy or move files between the remote device and the management computer.
     
  • Process Explorer - Enable or disable the ability to manage running processes on remote endpoints. If disabled, admins will not be able to view or terminate processes on endpoints which use the profile.
     
  • Commands Interface - If enabled, you can run command lines and power shell commands on remote devices’ command prompt.
    • Alternatively, use the 'Apply to all' switch at the top to enable or disable all at-once.
       
  • Establish Remote tools session without asking permission - Connect in the background to endpoints which use the profile. The user of the endpoint is not made aware of the connection.
     
  • Ask user, wait and deny access -
     
    • User logged in: A message is shown to the user which requests them to accept the connection. An example message is show below:



       
      • The connection proceeds anyway if the user does not respond within the timeout period.
         
    • User not logged in: Endpoint manager will auto-connect to the device without showing a notification. 
         
  • Ask user, wait and deny access 
     
    • User logged in: A message is shown to the user which requests them to accept the connection.
       
      • The connection is aborted if the user does not respond within the timeout period. (see screenshot above).
         
    • User not logged in: Endpoint manager will auto-connect to the device without showing a notification. 

Message to Device User:

  • Type a custom message that is shown in the connection request dialogue. The default message is shown if you make no changes here.

  • Note - You can only enter a message if you choose one of the 'Ask...' settings.

Client Notification Options:

  • Choose whether or not a  notification box which is shown on the endpoint when a remote session is active. An example is shown below:

              

 

  • The end-user can view the actions taken on the endpoint by clicking the down arrow at the right of the notification box.

Show notification to device user about who connected to his/her workstation - Enable or disable the notification box

  • Allow user to terminate the connection – Choose whether or not the 'End Session' button is shown in the box. If enabled, end-users are able to close the connection.
     
  • Keep notification window open after session ends - Choose whether or the box is shown on the endpoint after the session is completed.

Click 'Save' to apply your changes.

The new settings are immediately deployed to all endpoints which use the profile.

You can access the remote tools feature in the 'Device List' area:

  • Click 'Devices' > 'Device List'
     
  • Select a Windows device from the list
     
  • Click the 'Remote Tools' button in the menu above the table
     
  • Select 'File Explorer' 'Process Explorer', 'Service Explorer' or 'Commands Interface' to initiate a connection to the device
     
  • See this wiki for help to remotely access files/folders, processes and services and run command prompt commands/powershell scripts on a remote device

Further reading:

How to manage files, processes and services on remote devices

How to perform remote file and folder operations in Endpoint Manager

How to set Remote control options in a profile

How to take Remote Control of a device