How to prevent unauthorized Remote Control (RC) sessions because of delay in policy deployments?

book

Article ID: 52371

calendar_today

Updated On:

Products

CA Automation Suite for Data Centers - Configuration Automation CA Client Automation - Asset Management CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Remote Control CA Client Automation - Asset Intelligence CA Client Automation - Desktop Migration Manager CA Client Automation - Patch Manager CA Server Automation

Issue/Introduction

Description

Because of security reasons every RC session may need to be confirmed by the logged on user.
When distributing the CA Remote Agent plugin using the Deployment Wizard, it may take some time until the configurations of the 'Default Computer Policy' is loaded on the agent. Until then, the machine is open for remote connection without user confirmation.

Solution

To ensure that the 'Default Computer Policy' is applied to the RC agent before any RC session is attempted; deploy only the SD agent, then use a software policy to deploy the AM and RC plugins. This will cause the configuration policy to be sent to the agent prior to the delivery of the RC agent. Even though the RC plugin is not installed right away, its policy settings are stored in the agent's comstore (configuration file).

If you are only deploying Remote Control, deploy only the Basic Hardware Inventory plugin at first; then a little later deploy RC plugin. Again this will cause the policy to be delivered to the agent prior to RC being installed so that when RC is enabled; it will already have the appropriate policy.

Environment

Release: UASIT.99000-11.2-Asset Intelligence
Component: