SCCM Remote Control
We currently use SMS 2003 Remote Tools exclusively in our W2K environment. We are migrating to XP and plan on implementing SCCM in Q2 08. I now see that the gold key ctl-alt-del is not supported in SCCM and we woudl have to use MS remote control. The issue is that it will blank out the users screen. We need to have this functionality for when users are not present. What are others planning on using for remote control when migrating to SCCM? Thanks Jim
October 24th, 2007 7:36pm
There are three methods for remote access in SCCM. I believe the first one is called Remote Tools. This method does not require user interaction and allows you to remotely work on a desktop. The second one is Windows Assistant. It requires a user to approve control to the desktop, but offers tools, such as communicating via mic and pc speakers, as well as chat. The final one is RDP and will lock the users session if you log in.
October 25th, 2007 2:43am
Correct, the CTRL+ALT+DEL functionality was removed from SCCM Remote Control. The reason is the new protocol we use, the Vista RDP collab protocol, does not support it. We actually have a request to the Vista team to add that functionality in, so we can add it back to our Remote Control product, but it's not there yet. So, if you need to log on, you would normally use Remote Desktop, even though it logs off the remote user.
October 26th, 2007 2:19am
Wally Always great to hear from you. This issue happens to be significant to us at this time. We are moving to XP and are on SMS 2003 SP2 using remote tools. We would like to disable the remote desktop service on XP but believe it would limit our ability to remote when SCCM is implemented. So in your opinion, do you think SCCM will have the ability to sent the ctl-alt-del comamnd to XP PCs within the next year? Any alternatives or clarifications are welcome. Thanks Jim
November 2nd, 2007 6:50pm
I guess it is good to be appreciated (if that is what you were implying Jim :-) Within the next year, I'd not count on it. We need to wait until Windows Vista adds that capability into their RDP collab protocol, which I heard they did not do in SP1. So not sure when they'll get it in. Sorry about that.
November 3rd, 2007 3:06am
I'd just like to chime in and say that this is also a requirement for us. We do not want to enable RDP on our systems in order to remote control a system where there is no active session. I just discovered this limitation in SCCMa day or two ago, and find thatitwill most likely prevent us from moving to SCCM. Hopefully, the pieces you need in Vista will be added before you drop support for SMS 2003, because between remote control and patching problems, it looks like we will be sitting on SMS 2003 for the forseable future. RDP has two major drawbacks compared with the remote tools present in SMS 2003. First, and for me most important, is that RDP conncections are not centrally audited like the SMS remote tools are (right?). Second, the RDP tool is available to all local Admins. SMS remote tools is managed with a descrete group. One idea that might pass muster with our security officer is to turn RDP off using a group policy, and then use a script to start the RDP service on the remote system just before running the remote tool and then when the remote too exists, turn RDP back off. This would be a pretty simple little script to write. I would need to make sure that when remote.exe tries to connect and then fails over to RDP that the session is still recorded in the SMS audit logs, and that if the GPO refresh occurred while a session was open, that itwould not force the RDP session to close. I am pretty happy with most of the changes and improvementsthat have been made to SCCM especially in the areas of service windows, wake on lan, and OSD, but this change along with the switch to WSUSand the associated loss of patch control are deal breakers for us unless I can figure out a way around them.
November 15th, 2007 8:27pm
You are correct, we provide no logging of any RDP or RA activty, as we just call the functions from the operating system. If they dont't log anything for their tools, there isn't anything. I'm sorry this is an issue for you all, but that's the way it is. I have no idea IF/WHEN we'll have a solution for this. Hopefully sooner than later (or sooner than never).
November 15th, 2007 11:07pm
Hi Wally, Just a quick question on this topic. We have the same issue even though we are connecting to XP computers . The customer will not allow RDP to the desktop, therefore this is considered a leap backwards in functionality to them. Do you have any timelime, or will this issue be addressed soon? Thanks
May 27th, 2008 11:54am
We have similar issues with the new version of Remote Tools. We don't mind that RDP needs to be enabled.But with the new tool our helpdesk looses the ability to view the logon process. When the user is not yet logged on, the helpdesk cant take over the screen other than through Remote Desktop. When already connected, as soon as the user uses CTRL+ALT+DELETE the helpdesk gets disconnected. This means we cant start with SCCM 2007 until we have a solution for this problem. Remote Assistance has the same problem on Vista, we didnt test this on XP yet.
June 13th, 2008 8:13pm
Dameware... It's cheap and easy. You know the original plan was to remove remote control from ConfigMgr?
June 13th, 2008 9:23pm
yeah its a problme to say the least. We did test on XP, but unfortunatley that was with a user already logged on to the PC. But now we have rolled it out to the organization globally. The customer as logged a call with PSS to put the heat on them to sort it. I have managed to convince the customer to use RDP in cases where Remote Tools wont suffice. Good luck and thanks for the feedback.
June 15th, 2008 11:55pm
You bet, its a good tool, dont think the customer wants to go that root though. Thanks for the comments.
June 15th, 2008 11:56pm
Wally,Our Helpdesk is also complaining about this loss in functionality. It's a serious limitation that worked well with SMS 2003. Has Microsoft determined a rough timeline as to when this functionality will be added back?
February 19th, 2009 5:46pm
Just my opinion... and keeping in mind I don't work for Microsoft and this is just my opinion... since the limitation of remote tools is partly due to how Vista RDP collab protocol works, when that changes, then ConfigMgr could be able to leverage that change (through some kind of update, I'm guessing). But... since it appears that Windows 7 looks to be the focus these days... if Windows 7 allows for that, then ConfigMgr could likely leverage it. I don't know if Win7 allows for that, either. Again... just my opinion here; but to me it's just a matter or retraining your staff to use Remote Assistance when there is a person there to accept the RA request, and Remote Desktop when there isn't. It seems to me that quite a few people have forgotten that a few years ago the main focus of everyone was "secure the OS". The legacy SMS remote tools could be configured to quite easily circumvent some security protocols and procedures. If retraining staff to use 2 different tools isn't acceptable, there is always 3rd party remote control tools (as John Marcum posted above) to fill the perceived gaps in functionality. This is going a bit off topic, but if you haven't discovered it yet, I implemented Ron Crumbakers Web Remote Console 3.21 for the helpdesk staff. It's takes a bit to configure it, but it's worth it. There's several add-ons for it, and fixes to existing buttons for changes since it was originally released. Having all the potentially available RC tools in 1 interface was very appealing to the helpdesk staff.Standardize. Simplify. Automate.
February 19th, 2009 8:45pm
Does Windows 7 and Windows 2008 R2 RDP allow that? I wonder if there are any enhancements on this for Windows 7 and Windows 2008 R2.
October 26th, 2009 12:50pm
Hi Wally,Is there any chances of this limitation been fix in a patch or service pack. Since all the latest service packs and even R2 doesnt resolve this issue. Atleast we expect some kind of work around from microsoft since SMS customers upgraded to SCCM are upset with this limitation.Thanks
December 16th, 2009 3:19pm
See Jannes' answer here: http://social.technet.microsoft.com/Forums/en-US/configmgrgeneral/thread/f7ac5827-31d0-4644-8f0d-764b332dc96f
December 16th, 2009 3:22pm