How To Create a Custom Security Role for Remote Control

book

Article ID: 179643

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

 

Resolution

Question
How can I create a custom Security Role to allow only Remote Control access?

Answer
These instructions describe how to create and configure a custom Security Role that is limited specifically to Remote Control.

1.  To configure a custom security role which is restricted in the Symantec Management Console (SMC) to use of the Remote Control features only, either create a new role or clone the role that will serve as a model for this purpose.

  • In the SMC, click Settings > Security > Roles.
  • If you are creating a new role, in the left pane right-click Security Roles, then click New > Security Role.
  • If you already have a role that has some of the desired permissions and privileges that you need, right-click the existing role in the left pane and click Clone, then provide a name for the new role.

2.  Assign Privileges

  • From the left pane of the Security Role window, click the new role to view it in the right pane.
  • Click the Privileges tab.
  • To meet the minimum Privileges required for initializing a remote control session, check the following boxes:
    • Under the pcAnywhere Remote Control Mode Privileges section, "Full Control"
    • Under the pcAnywhere Solution Privileges section, "Remote Control"
  • Then click Save changes...

3.  Assign Permissions

  • In SMC, open Security Role Manager by clicking the Show Security Role Manager Console button from the General tab of the Security Role, or by clicking Settings > Security > Permissions.
  • Select the custom role in the Role drop-down list.
  • In the View drop-down list, click Console Menu.
  • Click the pencil button to open the Items Selector dialog.
  • Expand Actions > Remote Management, and click the check box for Remote Control.
  • Click Save changes.
  • Under the Noninherited section, System Permissions, click the check box for Read.
  • Click Save changes...

  • In the View drop-down list, click Resources
  • Click the pencil button to open the Items Selector dialog.
  • Expand Organizational Views > Default > All Resources > Asset > Network Resource, and click check box for Computer.
  • Optionally, if one or more Active Directory Domains were imported, then expand Active Directory Domains > <DomainName>, and click the check box for Computers as well as for any OUs which contain computers.
  • Click Save changes...

  • For each of the Computer or Computers resources checked above, ensure that under the Noninherited section, System Permissions, the box for Read is checked. In other words, in addition to Organizational Views > Default > All Resources > Asset > Network Resource > Computer, this step must also be done for each of the folders checked under the Active Directory Domains tree while in the Items Selector dialog...

  • Optionally, add other Views (such as Filters and Reports related to pcAnywhere) that you wish to allow members of this custom security role to see.
  • Click Save changes, and close the Security Role Manager window.
     
  • Finally, in the Security Roles window, click the new role in the left pane. Click the Membership tab on the right, add the desired Users and Groups, and click Save changes.

 

Attachments