Kaseya Community

Limit User Access to Workstations Only

  • Hello. We have a few users that would like access to remote control their workstations. As of right now, I see two possible methods to do this:

    1) Create a unique username and password for each workstation
    2) Create a separate admin account for the client and restrict them to only their group and the remote control function.

    Obviously method number two makes more sense as my client would only need to remember one username and password, but the problem occurs when I want to restrict the user to just looking at desktops and laptops (no servers).

    Other then creating a new group and putting all of the workstations within, is there a way to restrict remote control access to a certain type (or view)?

    Legacy Forum Name: Limit User Access to Workstations Only,
    Legacy Posted By Username: lowray1975
  • lowray1975
    Hello. We have a few users that would like access to remote control their workstations. As of right now, I see two possible methods to do this:

    1) Create a unique username and password for each workstation
    2) Create a separate admin account for the client and restrict them to only their group and the remote control function.

    Obviously method number two makes more sense as my client would only need to remember one username and password, but the problem occurs when I want to restrict the user to just looking at desktops and laptops (no servers).

    Other then creating a new group and putting all of the workstations within, is there a way to restrict remote control access to a certain type (or view)?


    From the way you described number one, you probably already know about this functionality but I could read what you wrote a couple of ways so I want to make sure.

    On the Agent tab, click on User Access under Configure Agents. You can then enable Remote Control for a workstation and create a Login Name and Password for that workstation. They then go to httpSleep://[KaseyaUrl]/access to remote into the workstation.

    Michael

    Legacy Forum Name: How-To,
    Legacy Posted By Username: RCS-Michael
  • Hi Michael,

    The only problem with the method you descibed is that I would need to create a different username for each workstation the remote user would want to control. This is what I'm trying to avoid.

    Thanks for the quick reply!

    Legacy Forum Name: How-To,
    Legacy Posted By Username: lowray1975
  • this is cheating... but, what about creating a script to install logmein and just allowing them remote access via the logmein account

    Legacy Forum Name: How-To,
    Legacy Posted By Username: Resistance2Fly
  • lowray1975
    Hi Michael,

    The only problem with the method you descibed is that I would need to create a different username for each workstation the remote user would want to control. This is what I'm trying to avoid.

    Thanks for the quick reply!


    I understand. We have customers that have an account on Kaseya limited to their group. (We do it for reporting purposes to help meet FDA regulations - not for remote access.) And the problem I have with it is that their account shows up in Ticketing and Chat. So, that account is viewable by all of our other customers when using the Ticketing or Chat features to communicate with us.

    When you enable remote access on a computer, the users can apparently use the machine ID in lieu of a user ID to login. So, you would still have to create a user ID/password combination and associate it with a machine ID but you wouldn't have to hand out the user IDs. Then, the users would login with the machine ID to which they want to connect and the associated password. You could look at bulk inserting those IDs into the database. In this situation, I would create all of the user IDs within a customer group with the same password and then give the customer the list of machine IDs and the common password along with the URL for access. I know people don't like to touch the raw database but it could be an option. You would want to analyze what calls the GUI makes when you create the accounts via the GUI and regularly check it but it is an option.

    Michael

    Legacy Forum Name: How-To,
    Legacy Posted By Username: RCS-Michael
  • How about this?
    http://www.provantage.com/sonicwall-01-ssc-5946~7SONI041.htm

    Big Smile

    Legacy Forum Name: How-To,
    Legacy Posted By Username: rwitt
  • All good ideas, although I'm trying to remove any manual creation of usernames and password. I didn't realize that if I were to create an admin for a client he would show up for chat purposes - that sucks... It would be nice if there was a way around that...

    Legacy Forum Name: How-To,
    Legacy Posted By Username: lowray1975
  • If you have these machines in an Active Directory environment, then you can quite easily limit the machines to which a user can logon to.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: ryan.odwyer
  • Actually I would like the user to be able to log into all of the workstations, but I don't want to have to manage separate usernames and passwords for each workstation, or have to update a new username/password when a new machine is added.

    Adding the user as a Kaseya admin is the best approach, although has major limitations and annoyances.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: lowray1975
  • ... that SonicWall SSL VPN 200 has AD integration. You can set it up once and pretty much be done with it. Cheap, too.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: rwitt
  • Create a subgroup called: workstations.
    Create a subgroup called: server.

    Create the account.
    give only access to the account for group.workstations.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: ealvarado
  • ealvarado
    Create a subgroup called: workstations.
    Create a subgroup called: server.

    Create the account.
    give only access to the account for group.workstations.


    This, also..

    Don't forget to create a Admin group and limit what that user can see/do.

    Then System Tab -> Function Access -> Remote Ctrl -> Uncheck Message With User to prevent that user from sending Chats to other logged in Admins.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: CeruleanBlue
  • CeruleanBlue
    This, also..

    Don't forget to create a Admin group and limit what that user can see/do.

    Then System Tab -> Function Access -> Remote Ctrl -> Uncheck Message With User to prevent that user from sending Chats to other logged in Admins.


    This ends up being exactly what I ended up doing, the only problem is that I hate that "Powered by Kaseya" is on the bottom of each page. I love Kaseya, although I really can't have my clients knowing what management product we use... I really hope kaseya corrects this branding issue in the future...

    Legacy Forum Name: How-To,
    Legacy Posted By Username: lowray1975
  • Good luck with that branding issue. It has been requested many times, I suggest you send in a formal change request just to put another tick against the request.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: rwitt
  • rwitt
    Good luck with that branding issue. It has been requested many times, I suggest you send in a formal change request just to put another tick against the request.


    A formal request change - is there such an email address?!?!

    Legacy Forum Name: How-To,
    Legacy Posted By Username: lowray1975