-
Title
Remote Management access control permissions explained -
Description
The Remote Management feature of Desktop Authority allows specific users or groups to be given certain permissions when initiating a remote session. By default, if the user is a local administrator of the host computer, that user will have full control of every feature of Remote Management. This can be changed by removing the “Grant full control to administrators” option for the Remote Management element defined in the Desktop Authority Manager and adding specific users and/or groups to the Access Control list.
-
Resolution
When adding a user or group to the access control list, an Access Settings window is displayed with several permission options. Below is a list of the permission options and an explanation of each:
Login
R – Allows the user to log in to Desktop Authority. By revoking this permission, you can temporarily disable a user’s access to Desktop Authority without having to clear any other permission.
Configuration
R – Allows the user to view Desktop Authority configuration data, including FTP settings.
W – Allows the user to change Desktop Authority configuration data under the preferences menu; set email alerts; modify ftp server and user settings; replace the product license; use network maintenance to install/start/stop Desktop Authority on remote computers; clear security lockout lists; create and install SSL certificates.
D – Allow the user to delete email alert settings; delete FTP servers; delete, kick and ban FTP users and clear FTP statistics.
Scripts
R – Allows the user to view and execute monitoring and maintenance scripts.
W – Allows the user to edit, compile, enable/disable monitoring and maintenance scripts.
D – Allows the user to delete monitoring and maintenance scripts.
Event Viewer
R – Allows the user to read event log entries.
D – Allows the user to clear and backup event logs.
File System
R – Allows the user to list drives, folders and files; read and download files; view file attributes, shared folder information and access control lists; use the file transfer applet.
W – Allows the user to copy and paste, rename, edit files; create and share folders; edit file attributes and access control lists.
D – Allows the user to delete files; remove shares; and disconnect users from shared files.
Registry
R – Allows the user to view registry keys and values; and list installed applications.
W – Allows the user to create and rename registry keys; and change registry values.
D – Allows the user to delete registry keys and values.
Performance Data
R – Allows the user to view system performance data, graphs and detailed hardware information.
Processes
R – Allows the user to view running processes, services and drivers; list .dll’s and objects that these processes use; and view scheduled tasks.
W – Allows the user to change process priorities and service startup parameters; control services; create and modify scheduled tasks.
D – Allows the user to kill running processes and services; delete scheduled tasks.
Reboot
W – Allows the user to restart the Desktop Authority service; initiate and schedule system reboots; and reboot the computer.
Remote Control
R – Allows the user to view and monitor the remote desktop; and use the chat applet.
W – Allows the user to view and interact with the remote desktop.
D – Allows the user to take control over the remote desktop without the interactive user’s permission.
User/Group Accounts
R – Allows the user to list and view user groups and accounts.
W – Allows the user to create new user groups and accounts and modify their details.
D – Allows the user to delete user groups and accounts.
System Configuration
R – Allows the user to list and view system configuration data such as environment variables, virtual memory settings, drive and partition information, network adaptors; and browse active directory objects and properties.
W – Allows the user to modify system configuration data such as environment variables, virtual memory, autologon settings, the system time; and update active directory properties.
D – Allows the user to delete environment variables and active directory properties.
SSH Shell
R – Allows the user to open a command prompt via SSH.
SSH Port Forward
R – Allows the user to use port forwarding via SSH.
SSH Privileged Port Forward
R – Allows the user to use port forwarding for ports below 1024 via SSH.
SCP
R – Allows the user to use SSP (secure file copy) via SSH.
SFTP
R – Allows the user to use SFTP (secure file transfer) via SSH.
Telnet (DA Client)
R – Allows the user to use the secure Desktop Authority telnet applet to open a remote command prompt.
Telnet
R – Allows the user to use any insecure telnet client to open a remote command prompt.