Using Microsoft System Center Configuration Manager Console for Remote Access

Recently we were looking for a way to save one of our departments some funds by discontinuing their use of TeamViewer to remotely access machines and do work that they need to complete. We use Microsoft’s System Center for imaging and deployment, but did not allow anyone outside of the technology department to use the remote access tools in the System Center Configuration Manager Console.

We had an administrative group set up in SCCM that allowed our network engineer, technicians, and technology systems specialists to have full access to the console, but we had not set up other users to be able to use it for remote access for two reasons: 1. We needed to examine what roles were available so as to limit their ability in the console, and 2. We really just were not sure how.

We began to dig in and study the roles made available in SCCM and found the Remote Tools Operator role. Upon research, we discovered that this was the exact role that we needed to assign for these users. We did and set off to install the console software on their desktops and show them how to use the tools available. This went off without a hitch while I was at their respective desks and walked them through the process, but that is where the simple things ended.

We discovered later that when they attempted to remote control a machine that they had not previously logged into, they were shown an error saying that they did not have the rights to use remote control, followed by a login prompt asking for a user with the rights to log in. I was stumped. This led me to dig in more.

I discovered that simply giving the user the role in SCCM DID NOT give them the ability to actually remote control machines in our domain that they had not logged into previously. To fix this, the client settings had to be altered under the remote tools properties. There is a setting for users who were allowed to remote control systems using the console. Once these two users were added to that setting and the client settings replicated out across the domain, they were able to quickly and easily remote control any machine they needed to do their work.
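To confirm on a given machine that the permitted-viewers client setting described above has arrived, and that nobody beyond the intended users is on the list, the following check can be run in an elevated PowerShell session on the client. It is an added example, not part of the original post. It assumes the ConfigMgr client's default local group `ConfigMgr Remote Control Users` and the `PermittedViewers` registry value under the client's Remote Control key; the account names are constructed placeholders.

```powershell
# Added example: audit Remote Tools permitted viewers on a ConfigMgr client.
# Constructed placeholder accounts; replace with the users added in the client settings.
$ExpectedViewers = @('CONTOSO\dept-user1', 'CONTOSO\dept-user2')

# Assumption: default locations where the ConfigMgr client records the Remote Tools policy.
$RegPath   = 'HKLM:\SOFTWARE\Microsoft\SMS\Client\Client Components\Remote Control'
$GroupName = 'ConfigMgr Remote Control Users'

function Compare-ViewerList {
    param([string[]]$Expected, [string[]]$Actual, [string]$Source)
    # -notin is case-insensitive, which suits DOMAIN\user names.
    $missing    = @($Expected | Where-Object { $_ -notin $Actual })
    $unexpected = @($Actual   | Where-Object { $_ -notin $Expected })
    [pscustomobject]@{
        Source     = $Source
        Missing    = $missing -join ', '     # policy has not replicated here yet
        Unexpected = $unexpected -join ', '  # accounts that should be reviewed
        Ok         = ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
    }
}

# 1. Permitted viewers as delivered by client policy (multi-string registry value).
$fromPolicy = @()
$reg = Get-ItemProperty -Path $RegPath -ErrorAction SilentlyContinue
if ($reg -and $reg.PermittedViewers) {
    $fromPolicy = @($reg.PermittedViewers)
} else {
    Write-Warning "No PermittedViewers value found at $RegPath"
}

# 2. Members of the local group the client maintains from that policy.
$fromGroup = @()
try {
    $fromGroup = @(Get-LocalGroupMember -Group $GroupName -ErrorAction Stop |
                   Select-Object -ExpandProperty Name)
} catch {
    Write-Warning "Could not read local group '$GroupName': $($_.Exception.Message)"
}

$results = @(
    Compare-ViewerList -Expected $ExpectedViewers -Actual $fromPolicy -Source 'Registry policy'
    Compare-ViewerList -Expected $ExpectedViewers -Actual $fromGroup  -Source 'Local group'
)
$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled audit flag machines that differ from the allowlist.
if ($results.Ok -contains $false) { exit 1 }
```

A `Missing` entry on a machine means the client has not yet received the updated setting; an `Unexpected` entry is an account with remote control rights that is not on the intended list.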

