Today I had an interesting issue on one of my Clients. This particular Client didn’t apply the Setting Prompt user for Remote Control permission from the Remote Tools Section of the Client Settings.
As you can see on the Screenshot above, the setting is set to No. This means a Helpdesk Employee can use Remote Control without the user’s permission. Normally you want to let this setting on its default value Yes, meaning the user has to Confirm the Remote Control Access.
In some scenarios however, you want to allow Remote Control Access without the Users Permission.
As said, the Client didn’t apply this Setting and kept prompting if an Admin tried to use Remote Control. If you look in the Registry on this Client, you can find the setting in the Hive HKLM:\SOFTWARE\Microsoft\SMS\Client\Client Components\Remote Control\Permission Required. The Value can have the following states.
0 = Don’t prompt user for Remote Control permissions
1 = Prompt user for Remote Control permissions
In my case, this setting was set to 1, instead of 0.
The solution here was actually quite simple.
First, I removed the Client from the Collection, where the Remote Control Client Setting is deployed to. Because I work with Include Collection, I created a new Collection with just this Client in it and added this Collection via Exclude Collection.
The next step is to force a Policy Update on the Client itself. Open the Configuration Manager Control Panel Applet and execute the “Machine Policy Retrieval & Evaluation Cycle”.
Wait a few minutes and then revert the Collection Changes back to the Original State, meaning the Client gets readded to the Client Setting Collection.
Now you can force again a Policy Update on the Client, which in my case flipped the Registry Value finally to 0. As soon as this happened, Remote Control worked without prompting the User for permission.
The “solution” should be as simple as CM client actually working & taking notice what policies are assigned to it
Yet even in 2020 it seems to NOT be the case (hence the need for this workaround)
Is this prompt response from end user enabled in case of an administrator remotely change data in registry only. Or Is this option valid only for Desktop session ?
thank you for the great atricle